Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-22150 (GCVE-0-2025-22150)
Vulnerability from cvelistv5 – Published: 2025-01-21 17:46 – Updated: 2025-02-12 20:41
VLAI?
EPSS
Summary
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
Severity ?
6.8 (Medium)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22150",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T18:34:22.789606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:41:22.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "undici",
"vendor": "nodejs",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.5.0, \u003c 5.28.5"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.21.1"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T17:46:58.872Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"name": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"name": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"name": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"name": "https://hackerone.com/reports/2913312",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2913312"
},
{
"name": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"name": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
}
],
"source": {
"advisory": "GHSA-c76h-2ccp-4975",
"discovery": "UNKNOWN"
},
"title": "Undici Uses Insufficiently Random Values"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-22150",
"datePublished": "2025-01-21T17:46:58.872Z",
"dateReserved": "2024-12-30T03:00:33.654Z",
"dateUpdated": "2025-02-12T20:41:22.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-22150\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-01-21T18:15:14.887\",\"lastModified\":\"2025-01-21T18:15:14.887\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.\"},{\"lang\":\"es\",\"value\":\"Undici es un cliente HTTP/1.1. A partir de la versi\u00f3n 4.5.0 y antes de las versiones 5.28.5, 6.21.1 y 7.2.3, undici usa `Math.random()` para elegir el l\u00edmite de una solicitud multiparte/form-data. Se sabe que la salida de `Math.random()` se puede predecir si se conocen varios de sus valores generados. Si hay un mecanismo en una aplicaci\u00f3n que env\u00eda solicitudes multiparte a un sitio web controlado por un atacante, este puede usarlo para filtrar los valores necesarios. Por lo tanto, un atacante puede manipular las solicitudes que van a las API de backend si se cumplen ciertas condiciones. Esto se solucion\u00f3 en las versiones 5.28.5, 6.21.1 y 7.2.3. Como workaround, no env\u00ede solicitudes multiparte a servidores controlados por un atacante.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://hackerone.com/reports/2913312\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22150\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T18:34:22.789606Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T20:33:10.324Z\"}}], \"cna\": {\"title\": \"Undici Uses Insufficiently Random Values\", \"source\": {\"advisory\": \"GHSA-c76h-2ccp-4975\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.5.0, \u003c 5.28.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.21.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.2.3\"}]}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\", \"name\": \"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\", \"name\": \"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\", \"name\": \"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/2913312\", \"name\": \"https://hackerone.com/reports/2913312\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\", \"name\": \"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\", \"name\": \"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330: Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-01-21T17:46:58.872Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-22150\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T20:41:22.041Z\", \"dateReserved\": \"2024-12-30T03:00:33.654Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-01-21T17:46:58.872Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:3374
Vulnerability from csaf_redhat - Published: 2025-03-27 20:51 - Updated: 2025-12-02 05:18Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.5.1 release.
Notes
Topic
Red Hat Developer Hub 1.5.1 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.5.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3374",
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47068",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-52798",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56201",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56326",
"url": "https://access.redhat.com/security/cve/CVE-2024-56326"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56334",
"url": "https://access.redhat.com/security/cve/CVE-2024-56334"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29774",
"url": "https://access.redhat.com/security/cve/CVE-2025-29774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29775",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-27516",
"url": "https://access.redhat.com/security/cve/cve-2025-27516"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3374.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.5.1 release.",
"tracking": {
"current_release_date": "2025-12-02T05:18:06+00:00",
"generator": {
"date": "2025-12-02T05:18:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:3374",
"initial_release_date": "2025-03-27T20:51:32+00:00",
"revision_history": [
{
"date": "2025-03-27T20:51:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-04T11:00:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-02T05:18:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.5",
"product": {
"name": "Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Afb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-47068",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-23T16:20:20.383320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314249"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "RHBZ#2314249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4",
"url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541",
"url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm"
}
],
"release_date": "2024-09-23T16:15:06.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"
},
{
"cve": "CVE-2024-52798",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-12-05T23:00:59.020167+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "RHBZ#2330689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
"url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
}
],
"release_date": "2024-12-05T22:45:42.774000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2024-56201",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2024-12-23T16:00:38.768252+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja has a sandbox breakout through malicious filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "RHBZ#2333854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f",
"url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/issues/1792",
"url": "https://github.com/pallets/jinja/issues/1792"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.5",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.5"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699"
}
],
"release_date": "2024-12-23T15:37:36.110000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja has a sandbox breakout through malicious filenames"
},
{
"cve": "CVE-2024-56326",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2024-12-23T16:00:46.619763+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to str.format and ensures they don\u0027t escape the sandbox. However, storing a reference to a malicious string\u0027s format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja has a sandbox breakout through indirect reference to format method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Moderate due to an oversight in Jinja\u0027s sandbox environment, allowing attackers to execute arbitrary Python code through controlled template content. This requires control over template content, making exploitation possible only in specific applications, thus limiting its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56326"
},
{
"category": "external",
"summary": "RHBZ#2333856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56326"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4",
"url": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.5",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.5"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h"
}
],
"release_date": "2024-12-23T15:43:49.400000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: Jinja has a sandbox breakout through indirect reference to format method"
},
{
"cve": "CVE-2024-56334",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-12-20T21:00:48.166699+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333587"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the `getWindowsIEEE8021x` function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the systeminformation library is marked as a high-severity issue because it allows for the execution of arbitrary commands via an unsanitized SSID input passed to `cmd.exe`. Since this flaw can lead to remote code execution (RCE) or local privilege escalation, it provides an attacker with the potential to execute malicious scripts on the affected system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56334"
},
{
"category": "external",
"summary": "RHBZ#2333587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56334",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56334"
},
{
"category": "external",
"summary": "https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41",
"url": "https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41"
},
{
"category": "external",
"summary": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m"
}
],
"release_date": "2024-12-20T20:10:12.578000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-27516",
"cwe": {
"id": "CWE-1336",
"name": "Improper Neutralization of Special Elements Used in a Template Engine"
},
"discovery_date": "2025-03-05T21:01:07.674606+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2350190"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to `str.format` and ensures they don\u0027t escape the sandbox. However, it\u0027s possible to use the `|attr` filter to get a reference to a string\u0027s plain format method, bypassing the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja sandbox breakout through attr filter selecting format method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity due to the potential for an attacker to bypass Jinja\u0027s sandbox by exploiting the |attr filter, by controlling template content, an attacker can execute arbitrary Python code, impacting the integrity, confidentiality, and availability of the system. While the attack requires user interaction to trigger untrusted templates, the risk is significant in applications that allow such templates to be executed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27516"
},
{
"category": "external",
"summary": "RHBZ#2350190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403",
"url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"
}
],
"release_date": "2025-03-05T20:40:06.568000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja sandbox breakout through attr filter selecting format method"
},
{
"cve": "CVE-2025-29774",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:09.149253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29774"
},
{
"category": "external",
"summary": "RHBZ#2352596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
}
],
"release_date": "2025-03-14T17:05:53.943000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References"
},
{
"cve": "CVE-2025-29775",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:22.409532+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "RHBZ#2352600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
}
],
"release_date": "2025-03-14T17:11:05.590000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
}
]
}
RHSA-2025:1931
Vulnerability from csaf_redhat - Published: 2025-02-27 16:14 - Updated: 2025-11-21 19:38Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.
Notes
Topic
Red Hat Developer Hub 1.4.2 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.4.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1931",
"url": "https://access.redhat.com/errata/RHSA-2025:1931"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-30261",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1931.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.",
"tracking": {
"current_release_date": "2025-11-21T19:38:54+00:00",
"generator": {
"date": "2025-11-21T19:38:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1931",
"initial_release_date": "2025-02-27T16:14:24+00:00",
"revision_history": [
{
"date": "2025-02-27T16:14:24+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-05T14:04:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:38:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product": {
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub (RHDH)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-30261",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2024-04-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2273519"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-30261"
},
{
"category": "external",
"summary": "RHBZ#2273519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261"
}
],
"release_date": "2024-04-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-27T16:14:24+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1931"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-27T16:14:24+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1931"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
}
]
}
RHSA-2025:3368
Vulnerability from csaf_redhat - Published: 2025-03-27 17:45 - Updated: 2025-12-02 06:23Summary
Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI.
Details
Release of RHOAI 2.16.0 provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.16.0 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3368",
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21538",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45296",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45339",
"url": "https://access.redhat.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-52798",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56171",
"url": "https://access.redhat.com/security/cve/CVE-2024-56171"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56201",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-24928",
"url": "https://access.redhat.com/security/cve/CVE-2025-24928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3368.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2025-12-02T06:23:38+00:00",
"generator": {
"date": "2025-12-02T06:23:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:3368",
"initial_release_date": "2025-03-27T17:45:39+00:00",
"revision_history": [
{
"date": "2025-03-27T17:45:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-20T09:36:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-02T06:23:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.16",
"product": {
"name": "Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742489156"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741963152"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Aee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3Ad7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3Aa0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487199"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3A036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742569683"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3Abe47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3A8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Af738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741882429"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742480582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3Ade5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742489233"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488070"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3A11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Ac499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742490565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3A4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742921697"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3Ac11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.1-1742921168"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3Ac8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742896493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742891516"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487757"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-45339",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-01-28T02:00:48.029971+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342463"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glog, a logging library. This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "RHBZ#2342463",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342463"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339"
},
{
"category": "external",
"summary": "https://github.com/golang/glog/pull/74",
"url": "https://github.com/golang/glog/pull/74"
},
{
"category": "external",
"summary": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2",
"url": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs",
"url": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs"
},
{
"category": "external",
"summary": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File",
"url": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3372",
"url": "https://pkg.go.dev/vuln/GO-2025-3372"
}
],
"release_date": "2025-01-28T01:03:24.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog"
},
{
"cve": "CVE-2024-52798",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-12-05T23:00:59.020167+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "RHBZ#2330689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
"url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
}
],
"release_date": "2024-12-05T22:45:42.774000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
},
{
"category": "workaround",
"details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2024-56171",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-02-18T23:01:25.366636+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-After-Free in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56171"
},
{
"category": "external",
"summary": "RHBZ#2346416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"
}
],
"release_date": "2025-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use-After-Free in libxml2"
},
{
"cve": "CVE-2024-56201",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2024-12-23T16:00:38.768252+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja has a sandbox breakout through malicious filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "RHBZ#2333854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f",
"url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/issues/1792",
"url": "https://github.com/pallets/jinja/issues/1792"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.5",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.5"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699"
}
],
"release_date": "2024-12-23T15:37:36.110000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
},
{
"category": "workaround",
"details": "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja has a sandbox breakout through malicious filenames"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-24928",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-02-18T23:01:36.502916+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346421"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24928"
},
{
"category": "external",
"summary": "RHBZ#2346421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/392687022",
"url": "https://issues.oss-fuzz.com/issues/392687022"
}
],
"release_date": "2025-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-02-14T09:00:45.578144+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "RHBZ#2345695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://ensy.zip/posts/dompurify-323-bypass/",
"url": "https://ensy.zip/posts/dompurify-323-bypass/"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
"url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
},
{
"category": "external",
"summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
"url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
}
],
"release_date": "2025-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T17:45:39+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
}
]
}
RHSA-2025:1582
Vulnerability from csaf_redhat - Published: 2025-02-17 12:52 - Updated: 2025-11-21 19:25Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1582",
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1582.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2025-11-21T19:25:59+00:00",
"generator": {
"date": "2025-11-21T19:25:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1582",
"initial_release_date": "2025-02-17T12:52:35+00:00",
"revision_history": [
{
"date": "2025-02-17T12:52:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T12:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:25:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src (nodejs:18)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=src\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src (nodejs:18)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=src\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"product": {
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch (nodejs:18)",
"product_id": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch (nodejs:18)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=noarch\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch (nodejs:18)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch (nodejs:18)",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18"
},
"product_reference": "nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T12:52:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T12:52:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+21159+f5a7145d.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.9.0+19439+7b18b275.src::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+19439+7b18b275.noarch::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x::nodejs:18",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64::nodejs:18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
RHSA-2025:3397
Vulnerability from csaf_redhat - Published: 2025-03-31 08:04 - Updated: 2025-12-02 06:23Summary
Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI.
Details
Release of RHOAI 2.16.0 provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.16.0 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3397",
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21538",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45296",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45339",
"url": "https://access.redhat.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-52798",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56171",
"url": "https://access.redhat.com/security/cve/CVE-2024-56171"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56201",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-24928",
"url": "https://access.redhat.com/security/cve/CVE-2025-24928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3397.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2025-12-02T06:23:39+00:00",
"generator": {
"date": "2025-12-02T06:23:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:3397",
"initial_release_date": "2025-03-31T08:04:43+00:00",
"revision_history": [
{
"date": "2025-03-31T08:04:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-20T09:36:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-02T06:23:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.16",
"product": {
"name": "Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743007500"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741963152"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Aee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3Ad7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3Aa0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743007122"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3A7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743007660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3A23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3Aefd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3A27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Af738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741882429"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742480582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3Ade5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742489233"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488070"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3A11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487789"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Ac499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742490565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3A4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3Ac249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743106241"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743105405"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3Ac8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742896493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3Af37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742982653"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487757"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-45339",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-01-28T02:00:48.029971+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342463"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glog, a logging library. This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "RHBZ#2342463",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342463"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339"
},
{
"category": "external",
"summary": "https://github.com/golang/glog/pull/74",
"url": "https://github.com/golang/glog/pull/74"
},
{
"category": "external",
"summary": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2",
"url": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs",
"url": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs"
},
{
"category": "external",
"summary": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File",
"url": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3372",
"url": "https://pkg.go.dev/vuln/GO-2025-3372"
}
],
"release_date": "2025-01-28T01:03:24.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog"
},
{
"cve": "CVE-2024-52798",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-12-05T23:00:59.020167+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "RHBZ#2330689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
"url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
}
],
"release_date": "2024-12-05T22:45:42.774000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
},
{
"category": "workaround",
"details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2024-56171",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-02-18T23:01:25.366636+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use-After-Free in libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56171"
},
{
"category": "external",
"summary": "RHBZ#2346416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"
}
],
"release_date": "2025-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use-After-Free in libxml2"
},
{
"cve": "CVE-2024-56201",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2024-12-23T16:00:38.768252+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja has a sandbox breakout through malicious filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "RHBZ#2333854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f",
"url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/issues/1792",
"url": "https://github.com/pallets/jinja/issues/1792"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.5",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.5"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699"
}
],
"release_date": "2024-12-23T15:37:36.110000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
},
{
"category": "workaround",
"details": "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja has a sandbox breakout through malicious filenames"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-24928",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-02-18T23:01:36.502916+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2346421"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24928"
},
{
"category": "external",
"summary": "RHBZ#2346421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/392687022",
"url": "https://issues.oss-fuzz.com/issues/392687022"
}
],
"release_date": "2025-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-02-14T09:00:45.578144+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "RHBZ#2345695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://ensy.zip/posts/dompurify-323-bypass/",
"url": "https://ensy.zip/posts/dompurify-323-bypass/"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
"url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
},
{
"category": "external",
"summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
"url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
}
],
"release_date": "2025-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-31T08:04:43+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3397"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
}
]
}
RHSA-2025:1446
Vulnerability from csaf_redhat - Published: 2025-02-13 16:03 - Updated: 2025-11-21 19:23Summary
Red Hat Security Advisory: nodejs:18 security update
Notes
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1446",
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1446.json"
}
],
"title": "Red Hat Security Advisory: nodejs:18 security update",
"tracking": {
"current_release_date": "2025-11-21T19:23:47+00:00",
"generator": {
"date": "2025-11-21T19:23:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1446",
"initial_release_date": "2025-02-13T16:03:15+00:00",
"revision_history": [
{
"date": "2025-02-13T16:03:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T16:03:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:23:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src (nodejs:18)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src (nodejs:18)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product": {
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch (nodejs:18)",
"product_id": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch (nodejs:18)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch (nodejs:18)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch (nodejs:18)",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18)",
"product_id": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18)",
"product_id": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18)",
"product_id": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18)",
"product_id": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18)",
"product_id": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18)",
"product_id": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
},
"product_reference": "nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
},
"product_reference": "nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
},
"product_reference": "nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
},
"product_reference": "nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18"
},
"product_reference": "nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
},
"product_reference": "nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64 (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
},
"product_reference": "npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T16:03:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T16:03:15+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:18.20.6-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:18.20.6-1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22773+9a359385.src::nodejs:18",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22773+9a359385.noarch::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x::nodejs:18",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64::nodejs:18"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
RHSA-2025:17145
Vulnerability from csaf_redhat - Published: 2025-10-01 12:01 - Updated: 2025-11-21 19:38Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update
Notes
Topic
Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update
Details
Red Hat OpenShift Data Foundation 4.17 security, enhancement & bug fix update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.17 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.17 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:17145",
"url": "https://access.redhat.com/errata/RHSA-2025:17145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17145.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2025-11-21T19:38:48+00:00",
"generator": {
"date": "2025-11-21T19:38:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:17145",
"initial_release_date": "2025-10-01T12:01:32+00:00",
"revision_history": [
{
"date": "2025-10-01T12:01:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-01T12:01:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:38:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.17",
"product": {
"name": "Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Ac7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605117"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757611956"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-operator-bundle@sha256%3A218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605062"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Ab993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3Aed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612498"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3Ac5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605101"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612498"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Af8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3Add16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Aa9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Acdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3A636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612506"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Aec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605283"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Ab92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605370"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3A35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612514"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Adf679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3Aaaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612520"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3Aac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612523"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612531"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3A48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612533"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Abb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3Af1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612538"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Af608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605117"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757611956"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605062"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Af184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3Ab17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605101"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Adc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ab0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Aa0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Ab99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Ae8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605283"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Afbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605370"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Aaab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Aec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605518"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605117"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757611956"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605062"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605101"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605197"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ae669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605112"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Aa010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605283"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Ac4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605370"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Ad344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Adc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605583"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Ab0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605518"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757611956"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605101"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605249"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605232"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605370"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605434"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Af475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605583"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64 as a component of Red Hat Openshift Data Foundation 4.17",
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-01T12:01:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:17145"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x",
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
}
]
}
RHSA-2025:1443
Vulnerability from csaf_redhat - Published: 2025-02-13 15:42 - Updated: 2025-11-21 19:23Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1443",
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1443.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-11-21T19:23:44+00:00",
"generator": {
"date": "2025-11-21T19:23:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1443",
"initial_release_date": "2025-02-13T15:42:45+00:00",
"revision_history": [
{
"date": "2025-02-13T15:42:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-13T15:42:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:23:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src (nodejs:20)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src (nodejs:20)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch (nodejs:20)",
"product_id": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch (nodejs:20)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20)",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-13T15:42:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.3.0.z+20478+84a9f781.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.3.0+19518+63aad52d.src::nodejs:20",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.3.0+19518+63aad52d.noarch::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x::nodejs:20",
"AppStream-9.5.0.Z.MAIN:npm-1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64::nodejs:20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
RHSA-2025:1613
Vulnerability from csaf_redhat - Published: 2025-02-17 19:21 - Updated: 2025-11-21 19:26Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1613",
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1613.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-11-21T19:26:31+00:00",
"generator": {
"date": "2025-11-21T19:26:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1613",
"initial_release_date": "2025-02-17T19:21:42+00:00",
"revision_history": [
{
"date": "2025-02-17T19:21:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T19:21:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:26:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-9.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T19:21:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-devel-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-docs-1:22.13.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-1:22.13.1-1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-0:3.0.1-1.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-0:2021.06-4.module+el9.5.0+22763+17233acb.src::nodejs:22",
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-0:2021.06-4.module+el9.5.0+22763+17233acb.noarch::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:npm-1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x::nodejs:22",
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
RHSA-2025:2588
Vulnerability from csaf_redhat - Published: 2025-03-10 23:41 - Updated: 2025-12-05 06:24Summary
Red Hat Security Advisory: RHOAI 2.18.0 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI.
Details
Release of RHOAI 2.18.0 provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.18.0 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:2588",
"url": "https://access.redhat.com/errata/RHSA-2025:2588"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-11187",
"url": "https://access.redhat.com/security/cve/CVE-2024-11187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-24970",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2588.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.18.0 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2025-12-05T06:24:26+00:00",
"generator": {
"date": "2025-12-05T06:24:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:2588",
"initial_release_date": "2025-03-10T23:41:31+00:00",
"revision_history": [
{
"date": "2025-03-10T23:41:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T06:24:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.18",
"product": {
"name": "Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.18::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990297"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Ab1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3A67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989936"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3Aeaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989646"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989687"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989446"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3A2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989612"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3A287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741002128"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741001790"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3Af28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990313"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-runtime-generic-rhel8@sha256%3A760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741002323"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3Adcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989677"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Aed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989933"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989698"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3A710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741002425"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3Aeb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3A04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989471"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3A983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989687"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741009551"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741008250"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3A0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990420"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741001643"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989457"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990297"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741008250"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3Aef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990297"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989839"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3Ad0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741008250"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64 as a component of Red Hat OpenShift AI 2.18",
"product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.18"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Toshifumi Sakaguchi"
]
}
],
"cve": "CVE-2024-11187",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-29T21:04:37.737000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342879"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the \u0027Additional\u0027 section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an uncontrolled CPU resource scenario, ultimately resulting in the server not being able to attend new requests and causing a denial of service as a consequence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: bind9: Many records in the additional section cause CPU exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The bind package as shipped by Red Hat does not by default set the option `minimal-responses yes;` in the configuration file.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-11187"
},
{
"category": "external",
"summary": "RHBZ#2342879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11187"
}
],
"release_date": "2025-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-10T23:41:31+00:00",
"details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:2588"
},
{
"category": "workaround",
"details": "Users can set the option `minimal-responses yes;`in the configuration file located at `/etc/named.conf`to mitigate this vulnerability.",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: bind9: Many records in the additional section cause CPU exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-10T23:41:31+00:00",
"details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:2588"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-10T23:41:31+00:00",
"details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:2588"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-10T23:41:31+00:00",
"details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:2588"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-24970",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-02-10T23:00:52.785132+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2344787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-24970"
},
{
"category": "external",
"summary": "RHBZ#2344787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4",
"url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw",
"url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw"
}
],
"release_date": "2025-02-10T21:57:28.730000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-10T23:41:31+00:00",
"details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:2588"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64",
"Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine"
}
]
}
RHSA-2025:21368
Vulnerability from csaf_redhat - Published: 2025-11-13 17:36 - Updated: 2025-12-05 11:02Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18 security, enhancement & bug fix update
Notes
Topic
Red Hat OpenShift Data Foundation 4.18 security, enhancement & bug fix update
Details
Red Hat OpenShift Data Foundation 4.18 security, enhancement & bug fix update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.18 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.18 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21368",
"url": "https://access.redhat.com/errata/RHSA-2025:21368"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-0155",
"url": "https://access.redhat.com/security/cve/CVE-2022-0155"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-0536",
"url": "https://access.redhat.com/security/cve/CVE-2022-0536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5889",
"url": "https://access.redhat.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7195",
"url": "https://access.redhat.com/security/cve/CVE-2025-7195"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21368.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2025-12-05T11:02:10+00:00",
"generator": {
"date": "2025-12-05T11:02:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:21368",
"initial_release_date": "2025-11-13T17:36:32+00:00",
"revision_history": [
{
"date": "2025-11-13T17:36:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-13T17:36:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T11:02:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.18",
"product": {
"name": "Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-operator-bundle@sha256%3Ad273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335989"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3Ae0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Ac6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854319"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3A6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335993"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336017"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Aecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ad2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3A08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335997"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854484"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3Ad277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"product_id": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-dependencies-operator-bundle@sha256%3A3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336001"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854504"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Ad72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3Ad719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336017"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Ac988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336004"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3A9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336007"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336021"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3Ac869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336019"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335558"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336023"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Af0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855234"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3A2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762336050"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854319"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Ad40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Ac786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854484"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ac5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Ada96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854504"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Aea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335558"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855234"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Ab251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854289"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Af4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3Ac8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854319"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3Ae9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855549"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3Af588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854422"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Ac59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Ab14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854484"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ad56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854504"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Aeb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335558"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Afdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855234"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Aeb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854280"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854319"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3Aa492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Acb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Abdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854494"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854493"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854489"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Aca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761855467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1761854524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.18-1762335558"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64 as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x as a component of Red Hat Openshift Data Foundation 4.18",
"product_id": "Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0155",
"cwe": {
"id": "CWE-359",
"name": "Exposure of Private Personal Information to an Unauthorized Actor"
},
"discovery_date": "2021-01-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044556"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects when fetching a remote URL with a cookie when it gets to the Location response header. This flaw allows an attacker to hijack the account as the cookie is leaked.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0155"
},
{
"category": "external",
"summary": "RHBZ#2044556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0155"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/",
"url": "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406/"
}
],
"release_date": "2022-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-13T17:36:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.18/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor"
},
{
"cve": "CVE-2022-0536",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-02-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2053259"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0536"
},
{
"category": "external",
"summary": "RHBZ#2053259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
}
],
"release_date": "2022-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-13T17:36:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.18/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-06-09T19:00:43.176857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371270"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: juliangruber brace-expansion index.js expand redos",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "RHBZ#2371270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5889"
},
{
"category": "external",
"summary": "https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466",
"url": "https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5",
"url": "https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.311660",
"url": "https://vuldb.com/?ctiid.311660"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.311660",
"url": "https://vuldb.com/?id.311660"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.585717",
"url": "https://vuldb.com/?submit.585717"
}
],
"release_date": "2025-06-09T18:16:01.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-13T17:36:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.18/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21368"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "brace-expansion: juliangruber brace-expansion index.js expand redos"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale",
"James Force"
]
}
],
"cve": "CVE-2025-7195",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"discovery_date": "2025-07-04T08:54:01.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376300"
}
],
"notes": [
{
"category": "description",
"text": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this vulnerability as low severity for affected products which run on OpenShift. The vulnerability allows for potential privilege escalation within a container, but OpenShift\u0027s default, multi-layered security posture effectively mitigates this risk. \n\nThe primary controls include the default Security Context Constraints (SCC), which severely limit a container\u0027s permissions from the start, and SELinux, which enforces mandatory access control to ensure strict isolation. While other container runtime environments may have different controls available and require case-by-case analysis, OpenShift\u0027s built-in defenses are designed to prevent this type of attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7195"
},
{
"category": "external",
"summary": "RHBZ#2376300",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376300"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7195"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195"
}
],
"release_date": "2025-08-07T18:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-13T17:36:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.18/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21368"
},
{
"category": "workaround",
"details": "In Red Hat OpenShift Container Platform, the following default configurations reduce the impact of this vulnerability.\n\nSecurity Context Constraints (SCCs): The default SCC, Restricted-v2, applies several crucial security settings to containers. \n\nCapabilities: drop: ALL removes all Linux capabilities, including SETUID and SETGID. This prevents a process from changing its user or group ID, a common step in privilege escalation attacks. The SETUID and SETGID capabilities can also be dropped explicitly if other capabilities are still required.\n\nallowPrivilegeEscalation: false ensures that a process cannot gain more privileges than its parent process. This blocks attempts by a compromised container process to grant itself additional capabilities.\n\nSELinux Mandatory Access Control (MAC): Pods are required to run with a pre-allocated Multi-Category Security (MCS) label. This SELinux feature provides a strong layer of isolation between containers and from the host system. A properly configured SELinux policy can prevent a container escape, even if an attacker gains elevated permissions within the container itself.\n\nFilesystem Hardening: While not a default setting, a common security practice is to set readOnlyRootFilesystem: true in a container\u0027s security context. In this specific scenario, this configuration would prevent an attacker from modifying critical files like /etc/passwd, even if they managed to gain file-level write permissions.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-13T17:36:32+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.18/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21368"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:d273d52e59706f54e1f5382119db5f50b462281fba160dab6d85b57707b45eec_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7c02ce667bc7b6693596ba249e34d7233a95fdb1966ce317927b2363518a564f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:eb1067cf493864c4ca48459b2f9adf0964b3849564743a17e7a3686e925e448f_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:f4615211c16cc89f94043e2588400957b8fd225f233c86096542ac1364678cf4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1690d6c99f4626289bcdd78c8521edffb61c91da1a45aa2eb2b6ab2af137b7c1_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b251e7b26d4a6f3443d6d795a4d92992b5f79d56e5561477648eabae286d7641_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:87f5569806a8960520bab78d69514f2e2061b2ad69040cf7c164a5037c27e6bf_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-core-rhel9@sha256:e0d3839cbb1734c0e224e0c076c7c8b4d0e0888e31989b8a6a611418ea2c72bc_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-operator-bundle@sha256:6d7720076a49e7e35b52a84c98d858a0c7b767ccad79ad3cfbf721419053669a_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:00bdcca61bc8765fbbc838deeb86392ce25c72f0170241c270484ec9b77bd263_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:852442ee591c566acde876d1101b89f6009f186f6f705bb128754b2ed0043d46_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:ac8d47727a66b68185bf77848b27b8e5a9c41a023cb6f424a75369b6e4b500a7_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:37d0208891259e9d725fb4146d023c1f0cd0dafbff8e322b7c12621ea25f8c85_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49f1e7092bdd19f318580b3d4dfc37dbec8435f814b7d1b863ed34a6ba6157ee_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7f8435653f35ea08e5d5e7305a06ad3ebee9ddf04f8c03c3cb34fd6fe1f6f577_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:526abc72ccfa1729a5962911f92da64a3dda4a689421ecdb21c7ad2a049f53ef_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:a492d94ceced107b6b8dc7339cca181875d2245c5f8ac9ecc51979160a341d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:f588f9517ac72fb92989f929ad6e643440f709cb4d311974d0e201bfd6b17958_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:5aad1d226292a42c700e97575eec56040108869acdcb720a9c5b32d02a0035b3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:ecc54bc4e8be6f3bfade15c23827e84445acc12c63b4e133cee73e57ac5a42aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-operator-bundle@sha256:08d6bef2c472ebd7918a9124ac40e6ac0b834df9a7b4a160f027f511345a7df7_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2abd2d479416e66c6f85e4e883d5e4987bc38f476f907766374784107b89de9a_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2b5deb8c15ca85aec11aa24b3c7cdc200e7ece6b8e53cdf0b073898c8f3c87a5_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4d0f4fe708b4aea53b1bbf71fb10a41fd50313d62fb380b7cafd6abb130b5024_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:0a5ac166f5ebddae21dcf2ce8a5932494209533ac4a92ff5551a402291f27ff9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c59f7905c54d41103305ecef9883cbe5f37f8a1921572773d9fd783c35026be3_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cli-rhel9@sha256:cb4d70c84e2d58e9a4f8108a16ad6f7e1ab78fc4ef7a96dc96f8b5ba788ece0e_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:65176cfc11dcc49e7b175404475dd0fcd9ad14e3b3e8ab85816cf52d64c51512_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-console-rhel9@sha256:b14c3a7c4cc6531ed0d9701fe1b07ddc8c85e702ef8b058f0eaaadb1e8852a04_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:20c7a4f70f6000f204a3c53c153aaa3c08be94c98c09b90f538b2a19156a00e0_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:c5e4d50a9c4ee10b0e7f9bba3d4d21bf479b19423ef3e0530a6637be85acc1ed_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:d277d4fdca57ce067c39f039795be4890fa7fc8d38eccebad11a1d9597e87a20_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b2fbb75c7054d13ff54575b398d6d70b5f0348c9777fcb88611b95c0dc18db4e_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:bdfb055790f5c58fd4d5699cdcb07151f4be909d920f3243d4610b74183a961d_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:d56cef998bb118950349234aacabc55dd066bb065b3502206505b1f7b01534c4_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:40f8584e7ed0be1742fc3d40ee639dfd5323e38c55c7fcae4146d4246abf6cf0_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4c8def04b4b3d5eb619a67c199c543e637582bfd8dbf59785bc7ebdb190a6511_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:95172347459900115fd67d22daa025b8545a9ee9ec05d1098f9196710c720d76_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:3db3d6a4b9ff4b4b17784d1e1390fcd8888d87f827a726b6cbafe6977d10230b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:116f99072859f76161266a538d92d7e19e3b463fc18e6084cf7faf7a6b311116_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c5b233911109f0a218b634d8d317229a3949b2ea5936b7ec91ebfcdd6f15060_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:d719d402444a60324cf1d9f7aaadfd49bcc1e9ed725a39e08ea317336bddbb67_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:053ad72159390ad37825015b051252dc162f46ebeeab4866e1568af1f0084cab_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d72bc2058e6fe68d79add2423d6ec95baf531f4d3e6a542f6e9d9a07f52bd9c9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:ea4c2c1e333eb04d8d5514d255336aa7f0d20fa462b595ebcadcf2929acf9909_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:1645b8ebfe127ec4a9b8c7c7a2d2ae6723bf1c02d49920a7f579197e8d21366f_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:9164cc380719f38594bfef8cd590c16c53b066809ceecfc04ebef36355f42ce9_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:ca0284c10827905e1576ea0a01bb09425acbf96d30b2e556b34e22e2d0115196_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-operator-bundle@sha256:2e8752ff9ae05a7ed9a3ed160681c17c8e5ffaf5b46b9ec37f7cbb6938388c8b_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:9dd75502bd5db692f56e9f7e3fdbc0198c1767fa24b0bbfda380579506db6e4f_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1d10099e7b5e3a3c4444569f6af365f90494c71b758aad1dad53f5aecf788ca5_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:9bd2dd681994141e8566c1af858850b323def19b4ffbea2af12efd1d0e1015e9_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odf-rhel9-operator@sha256:c988f8015f90581e97bb97210853d417b7f090e62d39a0469865e1628a9dbbd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:141b7b2c681d3313e3b09a77766f1babf684864433c3a1ae142085a69899e492_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:c869330faff69d3c83411b4b4c7551d6f082511c8d816e7947b4591fd6b0f7b5_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:584286170d5b1bb360fda36d9ec705cacf96177799d47b3e3dc7ec506e4d7579_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a_s390x",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:66e773cf82a564ebe81af3d5206e6b24ddf9559ccb1e9f90646f0203b5da6863_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:74b1659b62a5d75ef62f8fc46701445a51a1e78e8d7d96ccccab47cdd67acacb_arm64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/odr-rhel9-operator@sha256:83746838d5b190c09d22dd1cc34c7d4822022534c624be10854bd9b660713932_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2c723b07206550b1fc1ec2df455931b93f84caabbc41784741f539579ea99dd3_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:25b4647a37692cde90c499460a62a78342827265992adc0740bef650028fc2df_ppc64le",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:f0fc8196ffce6f355f06c0157a38e36109eaa9be1f3e91ad71fdd72bc33ee509_amd64",
"Red Hat Openshift Data Foundation 4.18:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
}
]
}
RHSA-2025:1611
Vulnerability from csaf_redhat - Published: 2025-02-17 18:04 - Updated: 2025-11-21 19:26Summary
Red Hat Security Advisory: nodejs:22 security update
Notes
Topic
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1611",
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1611.json"
}
],
"title": "Red Hat Security Advisory: nodejs:22 security update",
"tracking": {
"current_release_date": "2025-11-21T19:26:24+00:00",
"generator": {
"date": "2025-11-21T19:26:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1611",
"initial_release_date": "2025-02-17T18:04:26+00:00",
"revision_history": [
{
"date": "2025-02-17T18:04:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-17T18:04:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:26:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch (nodejs:22)",
"product_id": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch (nodejs:22)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch (nodejs:22)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch (nodejs:22)",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
},
{
"category": "product_version",
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22)",
"product_id": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22"
},
"product_reference": "nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64 (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
},
"product_reference": "v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-17T18:04:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:22.13.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:22.13.1-1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22759+46b58560.src::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22759+46b58560.noarch::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x::nodejs:22",
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-3:12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64::nodejs:22"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
RHSA-2025:1351
Vulnerability from csaf_redhat - Published: 2025-02-12 15:32 - Updated: 2025-11-21 19:22Summary
Red Hat Security Advisory: nodejs:20 security update
Notes
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:1351",
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1351.json"
}
],
"title": "Red Hat Security Advisory: nodejs:20 security update",
"tracking": {
"current_release_date": "2025-11-21T19:22:44+00:00",
"generator": {
"date": "2025-11-21T19:22:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2025:1351",
"initial_release_date": "2025-02-12T15:32:22+00:00",
"revision_history": [
{
"date": "2025-02-12T15:32:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-12T15:32:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:22:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src (nodejs:20)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src (nodejs:20)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch (nodejs:20)",
"product_id": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch (nodejs:20)",
"product_id": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch (nodejs:20)",
"product_id": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch (nodejs:20)",
"product_id": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20)",
"product_id": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20)",
"product_id": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20)",
"product_id": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20)",
"product_id": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20)",
"product_id": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
},
{
"category": "product_version",
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20)",
"product_id": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
},
"product_reference": "nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
},
"product_reference": "nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
},
"product_reference": "nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
},
"product_reference": "nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20"
},
"product_reference": "nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
},
"product_reference": "nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20"
},
"product_reference": "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20"
},
"product_reference": "nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20"
},
"product_reference": "nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64 (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
},
"product_reference": "npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-23083",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-01-22T02:00:43.830080+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339392"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "RHBZ#2339392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
}
],
"release_date": "2025-01-22T01:11:30.802000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel"
},
{
"cve": "CVE-2025-23085",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-28T17:23:01.915000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342618"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "RHBZ#2342618",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085"
}
],
"release_date": "2025-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-12T15:32:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-1:20.18.2-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-1:20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-0:3.0.1-1.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-0:2021.06-4.module+el8.10.0+22767+a3309b10.src::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+22767+a3309b10.noarch::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x::nodejs:20",
"AppStream-8.10.0.Z.MAIN.EUS:npm-1:10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64::nodejs:20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap"
}
]
}
SUSE-SU-2025:0232-1
Vulnerability from csaf_suse - Published: 2025-01-24 14:33 - Updated: 2025-01-24 14:33Summary
Security update for nodejs20
Notes
Title of the patch
Security update for nodejs20
Description of the patch
This update for nodejs20 fixes the following issues:
Update to 20.18.2:
- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
Patchnames
SUSE-2025-232,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-232,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-232,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-232,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-232
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs20",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs20 fixes the following issues:\n\nUpdate to 20.18.2:\n\n- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-232,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-232,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-232,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-232,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-232",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0232-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0232-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250232-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0232-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020195.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236250",
"url": "https://bugzilla.suse.com/1236250"
},
{
"category": "self",
"summary": "SUSE Bug 1236251",
"url": "https://bugzilla.suse.com/1236251"
},
{
"category": "self",
"summary": "SUSE Bug 1236258",
"url": "https://bugzilla.suse.com/1236258"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23085/"
}
],
"title": "Security update for nodejs20",
"tracking": {
"current_release_date": "2025-01-24T14:33:49Z",
"generator": {
"date": "2025-01-24T14:33:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0232-1",
"initial_release_date": "2025-01-24T14:33:49Z",
"revision_history": [
{
"date": "2025-01-24T14:33:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150500.11.18.1.aarch64",
"product": {
"name": "corepack20-20.18.2-150500.11.18.1.aarch64",
"product_id": "corepack20-20.18.2-150500.11.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150500.11.18.1.aarch64",
"product": {
"name": "nodejs20-20.18.2-150500.11.18.1.aarch64",
"product_id": "nodejs20-20.18.2-150500.11.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"product": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"product_id": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150500.11.18.1.aarch64",
"product": {
"name": "npm20-20.18.2-150500.11.18.1.aarch64",
"product_id": "npm20-20.18.2-150500.11.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150500.11.18.1.i586",
"product": {
"name": "corepack20-20.18.2-150500.11.18.1.i586",
"product_id": "corepack20-20.18.2-150500.11.18.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150500.11.18.1.i586",
"product": {
"name": "nodejs20-20.18.2-150500.11.18.1.i586",
"product_id": "nodejs20-20.18.2-150500.11.18.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150500.11.18.1.i586",
"product": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.i586",
"product_id": "nodejs20-devel-20.18.2-150500.11.18.1.i586"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150500.11.18.1.i586",
"product": {
"name": "npm20-20.18.2-150500.11.18.1.i586",
"product_id": "npm20-20.18.2-150500.11.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"product": {
"name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"product_id": "nodejs20-docs-20.18.2-150500.11.18.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150500.11.18.1.ppc64le",
"product": {
"name": "corepack20-20.18.2-150500.11.18.1.ppc64le",
"product_id": "corepack20-20.18.2-150500.11.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150500.11.18.1.ppc64le",
"product": {
"name": "nodejs20-20.18.2-150500.11.18.1.ppc64le",
"product_id": "nodejs20-20.18.2-150500.11.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"product": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"product_id": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150500.11.18.1.ppc64le",
"product": {
"name": "npm20-20.18.2-150500.11.18.1.ppc64le",
"product_id": "npm20-20.18.2-150500.11.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150500.11.18.1.s390x",
"product": {
"name": "corepack20-20.18.2-150500.11.18.1.s390x",
"product_id": "corepack20-20.18.2-150500.11.18.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150500.11.18.1.s390x",
"product": {
"name": "nodejs20-20.18.2-150500.11.18.1.s390x",
"product_id": "nodejs20-20.18.2-150500.11.18.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"product": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"product_id": "nodejs20-devel-20.18.2-150500.11.18.1.s390x"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150500.11.18.1.s390x",
"product": {
"name": "npm20-20.18.2-150500.11.18.1.s390x",
"product_id": "npm20-20.18.2-150500.11.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150500.11.18.1.x86_64",
"product": {
"name": "corepack20-20.18.2-150500.11.18.1.x86_64",
"product_id": "corepack20-20.18.2-150500.11.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150500.11.18.1.x86_64",
"product": {
"name": "nodejs20-20.18.2-150500.11.18.1.x86_64",
"product_id": "nodejs20-20.18.2-150500.11.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"product": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"product_id": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150500.11.18.1.x86_64",
"product": {
"name": "npm20-20.18.2-150500.11.18.1.x86_64",
"product_id": "npm20-20.18.2-150500.11.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch"
},
"product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch"
},
"product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch"
},
"product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch"
},
"product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
},
"product_reference": "npm20-20.18.2-150500.11.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22150"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22150",
"url": "https://www.suse.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "SUSE Bug 1236257 for CVE-2025-22150",
"url": "https://bugzilla.suse.com/1236257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T14:33:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23083"
}
],
"notes": [
{
"category": "general",
"text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23083",
"url": "https://www.suse.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "SUSE Bug 1236251 for CVE-2025-23083",
"url": "https://bugzilla.suse.com/1236251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T14:33:49Z",
"details": "important"
}
],
"title": "CVE-2025-23083"
},
{
"cve": "CVE-2025-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23085"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23085",
"url": "https://www.suse.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1236250 for CVE-2025-23085",
"url": "https://bugzilla.suse.com/1236250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T14:33:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-23085"
}
]
}
SUSE-SU-2025:0234-1
Vulnerability from csaf_suse - Published: 2025-01-24 16:34 - Updated: 2025-01-24 16:34Summary
Security update for nodejs18
Notes
Title of the patch
Security update for nodejs18
Description of the patch
This update for nodejs18 fixes the following issues:
Update to 18.20.6:
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
Patchnames
SUSE-2025-234,SUSE-SLE-SERVER-12-SP5-LTSS-2025-234,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-234
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs18",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.6:\n\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-234,SUSE-SLE-SERVER-12-SP5-LTSS-2025-234,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-234",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0234-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0234-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250234-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0234-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020199.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236250",
"url": "https://bugzilla.suse.com/1236250"
},
{
"category": "self",
"summary": "SUSE Bug 1236258",
"url": "https://bugzilla.suse.com/1236258"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23085/"
}
],
"title": "Security update for nodejs18",
"tracking": {
"current_release_date": "2025-01-24T16:34:19Z",
"generator": {
"date": "2025-01-24T16:34:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0234-1",
"initial_release_date": "2025-01-24T16:34:19Z",
"revision_history": [
{
"date": "2025-01-24T16:34:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-8.33.1.aarch64",
"product": {
"name": "corepack18-18.20.6-8.33.1.aarch64",
"product_id": "corepack18-18.20.6-8.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-8.33.1.aarch64",
"product": {
"name": "nodejs18-18.20.6-8.33.1.aarch64",
"product_id": "nodejs18-18.20.6-8.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-8.33.1.aarch64",
"product": {
"name": "nodejs18-devel-18.20.6-8.33.1.aarch64",
"product_id": "nodejs18-devel-18.20.6-8.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-8.33.1.aarch64",
"product": {
"name": "npm18-18.20.6-8.33.1.aarch64",
"product_id": "npm18-18.20.6-8.33.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-8.33.1.i586",
"product": {
"name": "corepack18-18.20.6-8.33.1.i586",
"product_id": "corepack18-18.20.6-8.33.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-8.33.1.i586",
"product": {
"name": "nodejs18-18.20.6-8.33.1.i586",
"product_id": "nodejs18-18.20.6-8.33.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-8.33.1.i586",
"product": {
"name": "nodejs18-devel-18.20.6-8.33.1.i586",
"product_id": "nodejs18-devel-18.20.6-8.33.1.i586"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-8.33.1.i586",
"product": {
"name": "npm18-18.20.6-8.33.1.i586",
"product_id": "npm18-18.20.6-8.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs18-docs-18.20.6-8.33.1.noarch",
"product": {
"name": "nodejs18-docs-18.20.6-8.33.1.noarch",
"product_id": "nodejs18-docs-18.20.6-8.33.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-8.33.1.ppc64le",
"product": {
"name": "corepack18-18.20.6-8.33.1.ppc64le",
"product_id": "corepack18-18.20.6-8.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-8.33.1.ppc64le",
"product": {
"name": "nodejs18-18.20.6-8.33.1.ppc64le",
"product_id": "nodejs18-18.20.6-8.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-8.33.1.ppc64le",
"product": {
"name": "nodejs18-devel-18.20.6-8.33.1.ppc64le",
"product_id": "nodejs18-devel-18.20.6-8.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-8.33.1.ppc64le",
"product": {
"name": "npm18-18.20.6-8.33.1.ppc64le",
"product_id": "npm18-18.20.6-8.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-8.33.1.s390x",
"product": {
"name": "corepack18-18.20.6-8.33.1.s390x",
"product_id": "corepack18-18.20.6-8.33.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-8.33.1.s390x",
"product": {
"name": "nodejs18-18.20.6-8.33.1.s390x",
"product_id": "nodejs18-18.20.6-8.33.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-8.33.1.s390x",
"product": {
"name": "nodejs18-devel-18.20.6-8.33.1.s390x",
"product_id": "nodejs18-devel-18.20.6-8.33.1.s390x"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-8.33.1.s390x",
"product": {
"name": "npm18-18.20.6-8.33.1.s390x",
"product_id": "npm18-18.20.6-8.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-8.33.1.x86_64",
"product": {
"name": "corepack18-18.20.6-8.33.1.x86_64",
"product_id": "corepack18-18.20.6-8.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-8.33.1.x86_64",
"product": {
"name": "nodejs18-18.20.6-8.33.1.x86_64",
"product_id": "nodejs18-18.20.6-8.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-8.33.1.x86_64",
"product": {
"name": "nodejs18-devel-18.20.6-8.33.1.x86_64",
"product_id": "nodejs18-devel-18.20.6-8.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-8.33.1.x86_64",
"product": {
"name": "npm18-18.20.6-8.33.1.x86_64",
"product_id": "npm18-18.20.6-8.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-8.33.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-8.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-8.33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le"
},
"product_reference": "nodejs18-18.20.6-8.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-8.33.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x"
},
"product_reference": "nodejs18-18.20.6-8.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-8.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-8.33.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-8.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-8.33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.6-8.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-8.33.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x"
},
"product_reference": "nodejs18-devel-18.20.6-8.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-8.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-8.33.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-8.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-8.33.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-8.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-8.33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le"
},
"product_reference": "npm18-18.20.6-8.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-8.33.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x"
},
"product_reference": "npm18-18.20.6-8.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-8.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-8.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-8.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-8.33.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-8.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-8.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22150"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22150",
"url": "https://www.suse.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "SUSE Bug 1236257 for CVE-2025-22150",
"url": "https://bugzilla.suse.com/1236257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T16:34:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23085"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23085",
"url": "https://www.suse.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1236250 for CVE-2025-23085",
"url": "https://bugzilla.suse.com/1236250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T16:34:19Z",
"details": "moderate"
}
],
"title": "CVE-2025-23085"
}
]
}
SUSE-SU-2025:0233-1
Vulnerability from csaf_suse - Published: 2025-01-24 16:05 - Updated: 2025-01-24 16:05Summary
Security update for nodejs18
Notes
Title of the patch
Security update for nodejs18
Description of the patch
This update for nodejs18 fixes the following issues:
Update to 18.20.6:
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
Patchnames
SUSE-2025-233,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-233,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-233,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-233,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-233,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-233,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-233,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-233,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-233,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-233
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs18",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.6:\n\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-233,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-233,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-233,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-233,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-233,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-233,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-233,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-233,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-233,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-233",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0233-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0233-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250233-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0233-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020200.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236250",
"url": "https://bugzilla.suse.com/1236250"
},
{
"category": "self",
"summary": "SUSE Bug 1236258",
"url": "https://bugzilla.suse.com/1236258"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23085/"
}
],
"title": "Security update for nodejs18",
"tracking": {
"current_release_date": "2025-01-24T16:05:12Z",
"generator": {
"date": "2025-01-24T16:05:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0233-1",
"initial_release_date": "2025-01-24T16:05:12Z",
"revision_history": [
{
"date": "2025-01-24T16:05:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-150400.9.33.1.aarch64",
"product": {
"name": "corepack18-18.20.6-150400.9.33.1.aarch64",
"product_id": "corepack18-18.20.6-150400.9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"product": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"product_id": "nodejs18-18.20.6-150400.9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"product": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"product_id": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-150400.9.33.1.aarch64",
"product": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64",
"product_id": "npm18-18.20.6-150400.9.33.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-150400.9.33.1.i586",
"product": {
"name": "corepack18-18.20.6-150400.9.33.1.i586",
"product_id": "corepack18-18.20.6-150400.9.33.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-150400.9.33.1.i586",
"product": {
"name": "nodejs18-18.20.6-150400.9.33.1.i586",
"product_id": "nodejs18-18.20.6-150400.9.33.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-150400.9.33.1.i586",
"product": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.i586",
"product_id": "nodejs18-devel-18.20.6-150400.9.33.1.i586"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-150400.9.33.1.i586",
"product": {
"name": "npm18-18.20.6-150400.9.33.1.i586",
"product_id": "npm18-18.20.6-150400.9.33.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"product": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"product_id": "nodejs18-docs-18.20.6-150400.9.33.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-150400.9.33.1.ppc64le",
"product": {
"name": "corepack18-18.20.6-150400.9.33.1.ppc64le",
"product_id": "corepack18-18.20.6-150400.9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"product": {
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"product_id": "nodejs18-18.20.6-150400.9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"product": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"product_id": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-150400.9.33.1.ppc64le",
"product": {
"name": "npm18-18.20.6-150400.9.33.1.ppc64le",
"product_id": "npm18-18.20.6-150400.9.33.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-150400.9.33.1.s390x",
"product": {
"name": "corepack18-18.20.6-150400.9.33.1.s390x",
"product_id": "corepack18-18.20.6-150400.9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-150400.9.33.1.s390x",
"product": {
"name": "nodejs18-18.20.6-150400.9.33.1.s390x",
"product_id": "nodejs18-18.20.6-150400.9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"product": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"product_id": "nodejs18-devel-18.20.6-150400.9.33.1.s390x"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-150400.9.33.1.s390x",
"product": {
"name": "npm18-18.20.6-150400.9.33.1.s390x",
"product_id": "npm18-18.20.6-150400.9.33.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack18-18.20.6-150400.9.33.1.x86_64",
"product": {
"name": "corepack18-18.20.6-150400.9.33.1.x86_64",
"product_id": "corepack18-18.20.6-150400.9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"product": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"product_id": "nodejs18-18.20.6-150400.9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"product": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"product_id": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm18-18.20.6-150400.9.33.1.x86_64",
"product": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64",
"product_id": "npm18-18.20.6-150400.9.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch"
},
"product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
},
"product_reference": "npm18-18.20.6-150400.9.33.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22150"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22150",
"url": "https://www.suse.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "SUSE Bug 1236257 for CVE-2025-22150",
"url": "https://bugzilla.suse.com/1236257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T16:05:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23085"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23085",
"url": "https://www.suse.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1236250 for CVE-2025-23085",
"url": "https://bugzilla.suse.com/1236250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64",
"SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x",
"SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T16:05:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-23085"
}
]
}
SUSE-SU-2025:0284-1
Vulnerability from csaf_suse - Published: 2025-01-29 13:47 - Updated: 2025-01-29 13:47Summary
Security update for nodejs22
Notes
Title of the patch
Security update for nodejs22
Description of the patch
This update for nodejs22 fixes the following issues:
Update to 22.13.1:
- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
Patchnames
SUSE-2025-284,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-284,openSUSE-SLE-15.6-2025-284
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs22",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs22 fixes the following issues:\n\nUpdate to 22.13.1:\n\n- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-284,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-284,openSUSE-SLE-15.6-2025-284",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0284-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0284-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250284-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0284-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020235.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236250",
"url": "https://bugzilla.suse.com/1236250"
},
{
"category": "self",
"summary": "SUSE Bug 1236251",
"url": "https://bugzilla.suse.com/1236251"
},
{
"category": "self",
"summary": "SUSE Bug 1236258",
"url": "https://bugzilla.suse.com/1236258"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23085/"
}
],
"title": "Security update for nodejs22",
"tracking": {
"current_release_date": "2025-01-29T13:47:55Z",
"generator": {
"date": "2025-01-29T13:47:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0284-1",
"initial_release_date": "2025-01-29T13:47:55Z",
"revision_history": [
{
"date": "2025-01-29T13:47:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.1-150600.13.6.1.aarch64",
"product": {
"name": "corepack22-22.13.1-150600.13.6.1.aarch64",
"product_id": "corepack22-22.13.1-150600.13.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.1-150600.13.6.1.aarch64",
"product": {
"name": "nodejs22-22.13.1-150600.13.6.1.aarch64",
"product_id": "nodejs22-22.13.1-150600.13.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"product": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"product_id": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.13.1-150600.13.6.1.aarch64",
"product": {
"name": "npm22-22.13.1-150600.13.6.1.aarch64",
"product_id": "npm22-22.13.1-150600.13.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.1-150600.13.6.1.i586",
"product": {
"name": "corepack22-22.13.1-150600.13.6.1.i586",
"product_id": "corepack22-22.13.1-150600.13.6.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.1-150600.13.6.1.i586",
"product": {
"name": "nodejs22-22.13.1-150600.13.6.1.i586",
"product_id": "nodejs22-22.13.1-150600.13.6.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.1-150600.13.6.1.i586",
"product": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.i586",
"product_id": "nodejs22-devel-22.13.1-150600.13.6.1.i586"
}
},
{
"category": "product_version",
"name": "npm22-22.13.1-150600.13.6.1.i586",
"product": {
"name": "npm22-22.13.1-150600.13.6.1.i586",
"product_id": "npm22-22.13.1-150600.13.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"product": {
"name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"product_id": "nodejs22-docs-22.13.1-150600.13.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.1-150600.13.6.1.ppc64le",
"product": {
"name": "corepack22-22.13.1-150600.13.6.1.ppc64le",
"product_id": "corepack22-22.13.1-150600.13.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.1-150600.13.6.1.ppc64le",
"product": {
"name": "nodejs22-22.13.1-150600.13.6.1.ppc64le",
"product_id": "nodejs22-22.13.1-150600.13.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"product_id": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.13.1-150600.13.6.1.ppc64le",
"product": {
"name": "npm22-22.13.1-150600.13.6.1.ppc64le",
"product_id": "npm22-22.13.1-150600.13.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.1-150600.13.6.1.s390x",
"product": {
"name": "corepack22-22.13.1-150600.13.6.1.s390x",
"product_id": "corepack22-22.13.1-150600.13.6.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.1-150600.13.6.1.s390x",
"product": {
"name": "nodejs22-22.13.1-150600.13.6.1.s390x",
"product_id": "nodejs22-22.13.1-150600.13.6.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"product": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"product_id": "nodejs22-devel-22.13.1-150600.13.6.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.13.1-150600.13.6.1.s390x",
"product": {
"name": "npm22-22.13.1-150600.13.6.1.s390x",
"product_id": "npm22-22.13.1-150600.13.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.1-150600.13.6.1.x86_64",
"product": {
"name": "corepack22-22.13.1-150600.13.6.1.x86_64",
"product_id": "corepack22-22.13.1-150600.13.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.1-150600.13.6.1.x86_64",
"product": {
"name": "nodejs22-22.13.1-150600.13.6.1.x86_64",
"product_id": "nodejs22-22.13.1-150600.13.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"product": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"product_id": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.13.1-150600.13.6.1.x86_64",
"product": {
"name": "npm22-22.13.1-150600.13.6.1.x86_64",
"product_id": "npm22-22.13.1-150600.13.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch"
},
"product_reference": "nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "corepack22-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "corepack22-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "corepack22-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "corepack22-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "nodejs22-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch"
},
"product_reference": "nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
},
"product_reference": "npm22-22.13.1-150600.13.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22150"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22150",
"url": "https://www.suse.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "SUSE Bug 1236257 for CVE-2025-22150",
"url": "https://bugzilla.suse.com/1236257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T13:47:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23083"
}
],
"notes": [
{
"category": "general",
"text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23083",
"url": "https://www.suse.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "SUSE Bug 1236251 for CVE-2025-23083",
"url": "https://bugzilla.suse.com/1236251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T13:47:55Z",
"details": "important"
}
],
"title": "CVE-2025-23083"
},
{
"cve": "CVE-2025-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23085"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23085",
"url": "https://www.suse.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1236250 for CVE-2025-23085",
"url": "https://bugzilla.suse.com/1236250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64",
"openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x",
"openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-29T13:47:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-23085"
}
]
}
SUSE-SU-2025:0237-1
Vulnerability from csaf_suse - Published: 2025-01-24 19:33 - Updated: 2025-01-24 19:33Summary
Security update for nodejs20
Notes
Title of the patch
Security update for nodejs20
Description of the patch
This update for nodejs20 fixes the following issues:
Update to 20.18.2:
- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
Patchnames
SUSE-2025-237,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-237,openSUSE-SLE-15.6-2025-237
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs20",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs20 fixes the following issues:\n\nUpdate to 20.18.2:\n\n- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-237,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-237,openSUSE-SLE-15.6-2025-237",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0237-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0237-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250237-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0237-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020197.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236250",
"url": "https://bugzilla.suse.com/1236250"
},
{
"category": "self",
"summary": "SUSE Bug 1236251",
"url": "https://bugzilla.suse.com/1236251"
},
{
"category": "self",
"summary": "SUSE Bug 1236258",
"url": "https://bugzilla.suse.com/1236258"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23085/"
}
],
"title": "Security update for nodejs20",
"tracking": {
"current_release_date": "2025-01-24T19:33:36Z",
"generator": {
"date": "2025-01-24T19:33:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0237-1",
"initial_release_date": "2025-01-24T19:33:36Z",
"revision_history": [
{
"date": "2025-01-24T19:33:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150600.3.9.1.aarch64",
"product": {
"name": "corepack20-20.18.2-150600.3.9.1.aarch64",
"product_id": "corepack20-20.18.2-150600.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150600.3.9.1.aarch64",
"product": {
"name": "nodejs20-20.18.2-150600.3.9.1.aarch64",
"product_id": "nodejs20-20.18.2-150600.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"product": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"product_id": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150600.3.9.1.aarch64",
"product": {
"name": "npm20-20.18.2-150600.3.9.1.aarch64",
"product_id": "npm20-20.18.2-150600.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150600.3.9.1.i586",
"product": {
"name": "corepack20-20.18.2-150600.3.9.1.i586",
"product_id": "corepack20-20.18.2-150600.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150600.3.9.1.i586",
"product": {
"name": "nodejs20-20.18.2-150600.3.9.1.i586",
"product_id": "nodejs20-20.18.2-150600.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150600.3.9.1.i586",
"product": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.i586",
"product_id": "nodejs20-devel-20.18.2-150600.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150600.3.9.1.i586",
"product": {
"name": "npm20-20.18.2-150600.3.9.1.i586",
"product_id": "npm20-20.18.2-150600.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"product": {
"name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"product_id": "nodejs20-docs-20.18.2-150600.3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150600.3.9.1.ppc64le",
"product": {
"name": "corepack20-20.18.2-150600.3.9.1.ppc64le",
"product_id": "corepack20-20.18.2-150600.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150600.3.9.1.ppc64le",
"product": {
"name": "nodejs20-20.18.2-150600.3.9.1.ppc64le",
"product_id": "nodejs20-20.18.2-150600.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"product": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"product_id": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150600.3.9.1.ppc64le",
"product": {
"name": "npm20-20.18.2-150600.3.9.1.ppc64le",
"product_id": "npm20-20.18.2-150600.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150600.3.9.1.s390x",
"product": {
"name": "corepack20-20.18.2-150600.3.9.1.s390x",
"product_id": "corepack20-20.18.2-150600.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150600.3.9.1.s390x",
"product": {
"name": "nodejs20-20.18.2-150600.3.9.1.s390x",
"product_id": "nodejs20-20.18.2-150600.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"product": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"product_id": "nodejs20-devel-20.18.2-150600.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150600.3.9.1.s390x",
"product": {
"name": "npm20-20.18.2-150600.3.9.1.s390x",
"product_id": "npm20-20.18.2-150600.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack20-20.18.2-150600.3.9.1.x86_64",
"product": {
"name": "corepack20-20.18.2-150600.3.9.1.x86_64",
"product_id": "corepack20-20.18.2-150600.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-20.18.2-150600.3.9.1.x86_64",
"product": {
"name": "nodejs20-20.18.2-150600.3.9.1.x86_64",
"product_id": "nodejs20-20.18.2-150600.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"product": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"product_id": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm20-20.18.2-150600.3.9.1.x86_64",
"product": {
"name": "npm20-20.18.2-150600.3.9.1.x86_64",
"product_id": "npm20-20.18.2-150600.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch"
},
"product_reference": "nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "corepack20-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "corepack20-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "corepack20-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack20-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "corepack20-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "nodejs20-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch"
},
"product_reference": "nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm20-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
},
"product_reference": "npm20-20.18.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22150"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22150",
"url": "https://www.suse.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "SUSE Bug 1236257 for CVE-2025-22150",
"url": "https://bugzilla.suse.com/1236257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T19:33:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23083"
}
],
"notes": [
{
"category": "general",
"text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23083",
"url": "https://www.suse.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "SUSE Bug 1236251 for CVE-2025-23083",
"url": "https://bugzilla.suse.com/1236251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T19:33:36Z",
"details": "important"
}
],
"title": "CVE-2025-23083"
},
{
"cve": "CVE-2025-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23085"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23085",
"url": "https://www.suse.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1236250 for CVE-2025-23085",
"url": "https://bugzilla.suse.com/1236250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x",
"openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-24T19:33:36Z",
"details": "moderate"
}
],
"title": "CVE-2025-23085"
}
]
}
CERTFR-2025-AVI-0170
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 12.2.4 IF4 | ||
| IBM | QRadar | QRadar Data Synchronization versions antérieures à 3.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 iFix 02 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité temporaire PH16353 ou antérieures à 9.0.5.2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 iFix 02 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de sécurité | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 iFix 02 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.1 iFix 01 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35946"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2015-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2018-19797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2018-19827",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
},
{
"name": "CVE-2018-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
},
{
"name": "CVE-2024-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2024-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40094"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-56340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56340"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2024-45216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45216"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-6286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2018-19839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-45217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45217"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2018-20821",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
},
{
"name": "CVE-2019-6283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
},
{
"name": "CVE-2023-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35947"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2018-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2018-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
},
{
"name": "CVE-2025-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0823"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"published_at": "2019-11-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105",
"url": "https://www.ibm.com/support/pages/node/1107105"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475",
"url": "https://www.ibm.com/support/pages/node/7184475"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474",
"url": "https://www.ibm.com/support/pages/node/7184474"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217",
"url": "https://www.ibm.com/support/pages/node/7184217"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476",
"url": "https://www.ibm.com/support/pages/node/7184476"
}
]
}
CERTFR-2025-AVI-0724
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Incident Forensics versions 7.5.x antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.x antérieures à 6.2.1.1 | ||
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.2.2 | ||
| IBM | QRadar Log Source Management App | QRadar Log Source Management App versions antérieures à 7.0.12 | ||
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.x antérieures à 6.2.1.1 | ||
| IBM | QRadar SIEM | QRadar SIEM QRadar versions 7.5.x antérieures à 7.5.0 UP13 IF01 | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "QRadar Log Source Management App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM QRadar versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP13 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2025-36042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36042"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2018-14732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14732"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-30360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30360"
},
{
"name": "CVE-2025-33120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33120"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-30359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30359"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0724",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242291",
"url": "https://www.ibm.com/support/pages/node/7242291"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242269",
"url": "https://www.ibm.com/support/pages/node/7242269"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242292",
"url": "https://www.ibm.com/support/pages/node/7242292"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242246",
"url": "https://www.ibm.com/support/pages/node/7242246"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242869",
"url": "https://www.ibm.com/support/pages/node/7242869"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242665",
"url": "https://www.ibm.com/support/pages/node/7242665"
}
]
}
CERTFR-2025-AVI-0214
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.4.1 pour Intel | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.5.0 pour Power | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03 | ||
| IBM | Sterling | Sterling B2B Integrator versions antérieures à 6.1.2.7 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-45638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-32762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
},
{
"name": "CVE-2022-48565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-32763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2025-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2022-48566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2024-45643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
},
{
"name": "CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2022-4742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
"url": "https://www.ibm.com/support/pages/node/7185937"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
"url": "https://www.ibm.com/support/pages/node/7185675"
},
{
"published_at": "2025-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
"url": "https://www.ibm.com/support/pages/node/7185257"
},
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
"url": "https://www.ibm.com/support/pages/node/7185938"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
"url": "https://www.ibm.com/support/pages/node/7185353"
}
]
}
CERTFR-2025-AVI-0170
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 12.2.4 IF4 | ||
| IBM | QRadar | QRadar Data Synchronization versions antérieures à 3.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 iFix 02 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité temporaire PH16353 ou antérieures à 9.0.5.2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 iFix 02 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de sécurité | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 iFix 02 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.1 iFix 01 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35946"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2015-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2018-19797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2018-19827",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
},
{
"name": "CVE-2018-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
},
{
"name": "CVE-2024-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2024-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40094"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-56340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56340"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2024-45216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45216"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-6286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2018-19839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-45217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45217"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2018-20821",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
},
{
"name": "CVE-2019-6283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
},
{
"name": "CVE-2023-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35947"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2018-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2018-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
},
{
"name": "CVE-2025-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0823"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"published_at": "2019-11-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105",
"url": "https://www.ibm.com/support/pages/node/1107105"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475",
"url": "https://www.ibm.com/support/pages/node/7184475"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474",
"url": "https://www.ibm.com/support/pages/node/7184474"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217",
"url": "https://www.ibm.com/support/pages/node/7184217"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476",
"url": "https://www.ibm.com/support/pages/node/7184476"
}
]
}
CERTFR-2025-AVI-0214
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.4.1 pour Intel | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.5.0 pour Power | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03 | ||
| IBM | Sterling | Sterling B2B Integrator versions antérieures à 6.1.2.7 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-45638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-32762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
},
{
"name": "CVE-2022-48565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-32763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2025-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2022-48566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2024-45643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
},
{
"name": "CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2022-4742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
"url": "https://www.ibm.com/support/pages/node/7185937"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
"url": "https://www.ibm.com/support/pages/node/7185675"
},
{
"published_at": "2025-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
"url": "https://www.ibm.com/support/pages/node/7185257"
},
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
"url": "https://www.ibm.com/support/pages/node/7185938"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
"url": "https://www.ibm.com/support/pages/node/7185353"
}
]
}
CERTFR-2025-AVI-0724
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Incident Forensics versions 7.5.x antérieures à QIF 7.5.0 UP13 IF01 | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité | ||
| IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.x antérieures à 6.2.1.1 | ||
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.2.2 | ||
| IBM | QRadar Log Source Management App | QRadar Log Source Management App versions antérieures à 7.0.12 | ||
| IBM | Sterling File Gateway | Sterling File Gateway versions 6.x antérieures à 6.2.1.1 | ||
| IBM | QRadar SIEM | QRadar SIEM QRadar versions 7.5.x antérieures à 7.5.0 UP13 IF01 | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.6.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
"product": {
"name": "Sterling B2B Integrator",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.12",
"product": {
"name": "QRadar Log Source Management App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling File Gateway versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
"product": {
"name": "Sterling File Gateway",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM QRadar versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP13 IF01",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-32996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
},
{
"name": "CVE-2025-36042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36042"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2018-14732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14732"
},
{
"name": "CVE-2025-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
},
{
"name": "CVE-2025-32997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-30360",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30360"
},
{
"name": "CVE-2025-33120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33120"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-30359",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30359"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0724",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242291",
"url": "https://www.ibm.com/support/pages/node/7242291"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242269",
"url": "https://www.ibm.com/support/pages/node/7242269"
},
{
"published_at": "2025-08-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242292",
"url": "https://www.ibm.com/support/pages/node/7242292"
},
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242246",
"url": "https://www.ibm.com/support/pages/node/7242246"
},
{
"published_at": "2025-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242869",
"url": "https://www.ibm.com/support/pages/node/7242869"
},
{
"published_at": "2025-08-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7242665",
"url": "https://www.ibm.com/support/pages/node/7242665"
}
]
}
FKIE_CVE-2025-22150
Vulnerability from fkie_nvd - Published: 2025-01-21 18:15 - Updated: 2025-01-21 18:15
Severity ?
Summary
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers."
},
{
"lang": "es",
"value": "Undici es un cliente HTTP/1.1. A partir de la versi\u00f3n 4.5.0 y antes de las versiones 5.28.5, 6.21.1 y 7.2.3, undici usa `Math.random()` para elegir el l\u00edmite de una solicitud multiparte/form-data. Se sabe que la salida de `Math.random()` se puede predecir si se conocen varios de sus valores generados. Si hay un mecanismo en una aplicaci\u00f3n que env\u00eda solicitudes multiparte a un sitio web controlado por un atacante, este puede usarlo para filtrar los valores necesarios. Por lo tanto, un atacante puede manipular las solicitudes que van a las API de backend si se cumplen ciertas condiciones. Esto se solucion\u00f3 en las versiones 5.28.5, 6.21.1 y 7.2.3. Como workaround, no env\u00ede solicitudes multiparte a servidores controlados por un atacante."
}
],
"id": "CVE-2025-22150",
"lastModified": "2025-01-21T18:15:14.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-01-21T18:15:14.887",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"source": "security-advisories@github.com",
"url": "https://hackerone.com/reports/2913312"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
OPENSUSE-SU-2025:14706-1
Vulnerability from csaf_opensuse - Published: 2025-01-28 00:00 - Updated: 2025-01-28 00:00Summary
corepack22-22.13.0-1.1 on GA media
Notes
Title of the patch
corepack22-22.13.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the corepack22-22.13.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14706
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "corepack22-22.13.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the corepack22-22.13.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14706",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14706-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14706-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLMBUS6KTOM5ZRBZUFNAWPANSHPLYG3W/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14706-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLMBUS6KTOM5ZRBZUFNAWPANSHPLYG3W/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22150 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23085/"
}
],
"title": "corepack22-22.13.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-28T00:00:00Z",
"generator": {
"date": "2025-01-28T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14706-1",
"initial_release_date": "2025-01-28T00:00:00Z",
"revision_history": [
{
"date": "2025-01-28T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.0-1.1.aarch64",
"product": {
"name": "corepack22-22.13.0-1.1.aarch64",
"product_id": "corepack22-22.13.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.0-1.1.aarch64",
"product": {
"name": "nodejs22-22.13.0-1.1.aarch64",
"product_id": "nodejs22-22.13.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.0-1.1.aarch64",
"product": {
"name": "nodejs22-devel-22.13.0-1.1.aarch64",
"product_id": "nodejs22-devel-22.13.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nodejs22-docs-22.13.0-1.1.aarch64",
"product": {
"name": "nodejs22-docs-22.13.0-1.1.aarch64",
"product_id": "nodejs22-docs-22.13.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "npm22-22.13.0-1.1.aarch64",
"product": {
"name": "npm22-22.13.0-1.1.aarch64",
"product_id": "npm22-22.13.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.0-1.1.ppc64le",
"product": {
"name": "corepack22-22.13.0-1.1.ppc64le",
"product_id": "corepack22-22.13.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.0-1.1.ppc64le",
"product": {
"name": "nodejs22-22.13.0-1.1.ppc64le",
"product_id": "nodejs22-22.13.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.0-1.1.ppc64le",
"product": {
"name": "nodejs22-devel-22.13.0-1.1.ppc64le",
"product_id": "nodejs22-devel-22.13.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nodejs22-docs-22.13.0-1.1.ppc64le",
"product": {
"name": "nodejs22-docs-22.13.0-1.1.ppc64le",
"product_id": "nodejs22-docs-22.13.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "npm22-22.13.0-1.1.ppc64le",
"product": {
"name": "npm22-22.13.0-1.1.ppc64le",
"product_id": "npm22-22.13.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.0-1.1.s390x",
"product": {
"name": "corepack22-22.13.0-1.1.s390x",
"product_id": "corepack22-22.13.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.0-1.1.s390x",
"product": {
"name": "nodejs22-22.13.0-1.1.s390x",
"product_id": "nodejs22-22.13.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.0-1.1.s390x",
"product": {
"name": "nodejs22-devel-22.13.0-1.1.s390x",
"product_id": "nodejs22-devel-22.13.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nodejs22-docs-22.13.0-1.1.s390x",
"product": {
"name": "nodejs22-docs-22.13.0-1.1.s390x",
"product_id": "nodejs22-docs-22.13.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "npm22-22.13.0-1.1.s390x",
"product": {
"name": "npm22-22.13.0-1.1.s390x",
"product_id": "npm22-22.13.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "corepack22-22.13.0-1.1.x86_64",
"product": {
"name": "corepack22-22.13.0-1.1.x86_64",
"product_id": "corepack22-22.13.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-22.13.0-1.1.x86_64",
"product": {
"name": "nodejs22-22.13.0-1.1.x86_64",
"product_id": "nodejs22-22.13.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-devel-22.13.0-1.1.x86_64",
"product": {
"name": "nodejs22-devel-22.13.0-1.1.x86_64",
"product_id": "nodejs22-devel-22.13.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs22-docs-22.13.0-1.1.x86_64",
"product": {
"name": "nodejs22-docs-22.13.0-1.1.x86_64",
"product_id": "nodejs22-docs-22.13.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "npm22-22.13.0-1.1.x86_64",
"product": {
"name": "npm22-22.13.0-1.1.x86_64",
"product_id": "npm22-22.13.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64"
},
"product_reference": "corepack22-22.13.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le"
},
"product_reference": "corepack22-22.13.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x"
},
"product_reference": "corepack22-22.13.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "corepack22-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64"
},
"product_reference": "corepack22-22.13.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64"
},
"product_reference": "nodejs22-22.13.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le"
},
"product_reference": "nodejs22-22.13.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x"
},
"product_reference": "nodejs22-22.13.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64"
},
"product_reference": "nodejs22-22.13.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64"
},
"product_reference": "nodejs22-devel-22.13.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le"
},
"product_reference": "nodejs22-devel-22.13.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x"
},
"product_reference": "nodejs22-devel-22.13.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-devel-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64"
},
"product_reference": "nodejs22-devel-22.13.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64"
},
"product_reference": "nodejs22-docs-22.13.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le"
},
"product_reference": "nodejs22-docs-22.13.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.13.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x"
},
"product_reference": "nodejs22-docs-22.13.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-docs-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64"
},
"product_reference": "nodejs22-docs-22.13.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64"
},
"product_reference": "npm22-22.13.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le"
},
"product_reference": "npm22-22.13.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x"
},
"product_reference": "npm22-22.13.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm22-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
},
"product_reference": "npm22-22.13.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22150"
}
],
"notes": [
{
"category": "general",
"text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22150",
"url": "https://www.suse.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "SUSE Bug 1236257 for CVE-2025-22150",
"url": "https://bugzilla.suse.com/1236257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23083"
}
],
"notes": [
{
"category": "general",
"text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23083",
"url": "https://www.suse.com/security/cve/CVE-2025-23083"
},
{
"category": "external",
"summary": "SUSE Bug 1236251 for CVE-2025-23083",
"url": "https://bugzilla.suse.com/1236251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-28T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-23083"
},
{
"cve": "CVE-2025-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23085"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23085",
"url": "https://www.suse.com/security/cve/CVE-2025-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1236250 for CVE-2025-23085",
"url": "https://bugzilla.suse.com/1236250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x",
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-28T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-23085"
}
]
}
GHSA-C76H-2CCP-4975
Vulnerability from github – Published: 2025-01-21 21:10 – Updated: 2025-01-21 21:10
VLAI?
Summary
Use of Insufficiently Random Values in undici
Details
Impact
Undici fetch() uses Math.random() to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.
If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.
Patches
This is fixed in 5.28.5; 6.21.1; 7.2.3.
Workarounds
Do not issue multipart requests to attacker controlled servers.
References
- https://hackerone.com/reports/2913312
- https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
Severity ?
6.8 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0"
},
{
"fixed": "5.28.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.21.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-22150"
],
"database_specific": {
"cwe_ids": [
"CWE-330"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-21T21:10:47Z",
"nvd_published_at": "2025-01-21T18:15:14Z",
"severity": "MODERATE"
},
"details": "### Impact\n\n[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.\n\nIf there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.\n\n### Patches\n\nThis is fixed in 5.28.5; 6.21.1; 7.2.3.\n\n### Workarounds\n\nDo not issue multipart requests to attacker controlled servers.\n\n### References\n\n* https://hackerone.com/reports/2913312\n* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\n",
"id": "GHSA-c76h-2ccp-4975",
"modified": "2025-01-21T21:10:47Z",
"published": "2025-01-21T21:10:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2913312"
},
{
"type": "WEB",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodejs/undici"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Insufficiently Random Values in undici"
}
WID-SEC-W-2025-0156
Vulnerability from csaf_certbund - Published: 2025-01-21 23:00 - Updated: 2025-06-12 22:00Summary
Node.js: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen preiszugeben, einen Denial-of-Service-Zustand herbeizuführen oder nicht näher spezifizierte Angriffe zu starten.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Node.js ist eine Plattform zur Entwicklung von Netzwerkanwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Node.js ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen preiszugeben, einen Denial-of-Service-Zustand herbeizuf\u00fchren oder nicht n\u00e4her spezifizierte Angriffe zu starten.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0156 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0156.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0156 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0156"
},
{
"category": "external",
"summary": "Node.js Security Releases vom 2025-01-21",
"url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-8E0ECB9BB6 vom 2025-01-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-8e0ecb9bb6"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-E330D34ECC vom 2025-01-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-e330d34ecc"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-87A8AF2834 vom 2025-01-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-87a8af2834"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-54958FF9E2 vom 2025-01-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-54958ff9e2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-76FC32D433 vom 2025-01-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-76fc32d433"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-CC8F9D8943 vom 2025-01-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-cc8f9d8943"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0234-1 vom 2025-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020199.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0232-1 vom 2025-01-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/EAA5VVUZ2Z26CMX7SWWG3KZWFXWZOLOI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0233-1 vom 2025-01-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/5MXRI7LITQSHGS7TS5FVZS5J5SFQEZOC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0237-1 vom 2025-01-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/4GHLFJIFCCY7T6727ECCVQVUTXPGIN56/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:14706-1 vom 2025-01-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/WLMBUS6KTOM5ZRBZUFNAWPANSHPLYG3W/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0284-1 vom 2025-01-29",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3E7XMAZSXTVJEOSNVU4GOEGWDOPIAF4W/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1351 vom 2025-02-12",
"url": "https://access.redhat.com/errata/RHSA-2025:1351"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1443 vom 2025-02-13",
"url": "https://errata.build.resf.org/RLSA-2025:1443"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1446 vom 2025-02-13",
"url": "https://access.redhat.com/errata/RHSA-2025:1446"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1443 vom 2025-02-13",
"url": "https://access.redhat.com/errata/RHSA-2025:1443"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1351 vom 2025-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-1351.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1446 vom 2025-02-13",
"url": "https://errata.build.resf.org/RLSA-2025:1446"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1454 vom 2025-02-13",
"url": "https://access.redhat.com/errata/RHSA-2025:1454"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1522 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1522"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1443 vom 2025-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-1443.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1446 vom 2025-02-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-1446.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1611 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1611"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1582 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1582"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:1613 vom 2025-02-17",
"url": "https://access.redhat.com/errata/RHSA-2025:1613"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1582 vom 2025-02-19",
"url": "https://linux.oracle.com/errata/ELSA-2025-1582.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1611 vom 2025-02-19",
"url": "https://linux.oracle.com/errata/ELSA-2025-1611.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-1613 vom 2025-02-19",
"url": "https://linux.oracle.com/errata/ELSA-2025-1613.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4067 vom 2025-02-25",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00031.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1613 vom 2025-02-26",
"url": "https://errata.build.resf.org/RLSA-2025:1613"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1582 vom 2025-02-26",
"url": "https://errata.build.resf.org/RLSA-2025:1582"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:1611 vom 2025-02-26",
"url": "https://errata.build.resf.org/RLSA-2025:1611"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7185575 vom 2025-03-12",
"url": "https://www.ibm.com/support/pages/node/7185575"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7229110 vom 2025-03-26",
"url": "https://www.ibm.com/support/pages/node/7229110"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-7433 vom 2025-05-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-7433.html"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-8506 vom 2025-06-05",
"url": "https://linux.oracle.com/errata/ELSA-2025-8506.html"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202506-08 vom 2025-06-12",
"url": "https://security.gentoo.org/glsa/202506-08"
}
],
"source_lang": "en-US",
"title": "Node.js: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-06-12T22:00:00.000+00:00",
"generator": {
"date": "2025-06-13T07:00:07.710+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0156",
"initial_release_date": "2025-01-21T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-01-26T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE und SUSE aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-13T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2025-02-17T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-02-19T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-02-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-02-26T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-03-12T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-26T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-05-25T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-06-02T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-06-12T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Gentoo aufgenommen"
}
],
"status": "final",
"version": "18"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "V24.0.0-V24.0.1",
"product": {
"name": "IBM Business Automation Workflow V24.0.0-V24.0.1",
"product_id": "T041843",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:v24.0.0_-_v24.0.1"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cv18.20.6",
"product": {
"name": "Open Source Node.js \u003cv18.20.6",
"product_id": "T040518"
}
},
{
"category": "product_version",
"name": "v18.20.6",
"product": {
"name": "Open Source Node.js v18.20.6",
"product_id": "T040518-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v18.20.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv20.18.2",
"product": {
"name": "Open Source Node.js \u003cv20.18.2",
"product_id": "T040519"
}
},
{
"category": "product_version",
"name": "v20.18.2",
"product": {
"name": "Open Source Node.js v20.18.2",
"product_id": "T040519-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v20.18.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv22.13.1",
"product": {
"name": "Open Source Node.js \u003cv22.13.1",
"product_id": "T040520"
}
},
{
"category": "product_version",
"name": "v22.13.1",
"product": {
"name": "Open Source Node.js v22.13.1",
"product_id": "T040520-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v22.13.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003cv23.6.1",
"product": {
"name": "Open Source Node.js \u003cv23.6.1",
"product_id": "T040521"
}
},
{
"category": "product_version",
"name": "v23.6.1",
"product": {
"name": "Open Source Node.js v23.6.1",
"product_id": "T040521-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v23.6.1"
}
}
},
{
"category": "product_version",
"name": "v17.x",
"product": {
"name": "Open Source Node.js v17.x",
"product_id": "T040525",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v17.x"
}
}
},
{
"category": "product_version",
"name": "v19.x",
"product": {
"name": "Open Source Node.js v19.x",
"product_id": "T040526",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v19.x"
}
}
},
{
"category": "product_version",
"name": "v21.x",
"product": {
"name": "Open Source Node.js v21.x",
"product_id": "T040527",
"product_identification_helper": {
"cpe": "cpe:/a:nodejs:nodejs:v21.x"
}
}
}
],
"category": "product_name",
"name": "Node.js"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Developer Hub 1",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub 1",
"product_id": "T041197",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:developer_hub_1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-22150"
},
{
"cve": "CVE-2025-23083",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-23083"
},
{
"cve": "CVE-2025-23084",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-23084"
},
{
"cve": "CVE-2025-23085",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-23085"
},
{
"cve": "CVE-2025-23087",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-23087"
},
{
"cve": "CVE-2025-23088",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-23088"
},
{
"cve": "CVE-2025-23089",
"product_status": {
"known_affected": [
"T040519",
"T040518",
"67646",
"T040527",
"T040526",
"T040525",
"T002977",
"T012167",
"T004914",
"T032255",
"74185",
"T032495",
"T041197",
"2951",
"T002207",
"T027843",
"T041843",
"T040521",
"T040520"
]
},
"release_date": "2025-01-21T23:00:00.000+00:00",
"title": "CVE-2025-23089"
}
]
}
MSRC_CVE-2025-22150
Vulnerability from csaf_microsoft - Published: 2025-01-02 00:00 - Updated: 2025-02-20 00:00Summary
Undici Uses Insufficiently Random Values
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22150 Undici Uses Insufficiently Random Values - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-22150.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Undici Uses Insufficiently Random Values",
"tracking": {
"current_release_date": "2025-02-20T00:00:00.000Z",
"generator": {
"date": "2025-10-20T02:49:00.516Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-22150",
"initial_release_date": "2025-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-02-14T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-02-20T00:00:00.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 nodejs 20.14.0-8",
"product": {
"name": "\u003cazl3 nodejs 20.14.0-8",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 nodejs 20.14.0-8",
"product": {
"name": "azl3 nodejs 20.14.0-8",
"product_id": "19608"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 nodejs 20.14.0-5",
"product": {
"name": "\u003cazl3 nodejs 20.14.0-5",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 nodejs 20.14.0-5",
"product": {
"name": "azl3 nodejs 20.14.0-5",
"product_id": "17696"
}
}
],
"category": "product_name",
"name": "nodejs"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 nodejs18 18.20.3-3",
"product": {
"name": "\u003ccbl2 nodejs18 18.20.3-3",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 nodejs18 18.20.3-3",
"product": {
"name": "cbl2 nodejs18 18.20.3-3",
"product_id": "17280"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 nodejs18 18.20.3-6",
"product": {
"name": "\u003ccbl2 nodejs18 18.20.3-6",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 nodejs18 18.20.3-6",
"product": {
"name": "cbl2 nodejs18 18.20.3-6",
"product_id": "19873"
}
}
],
"category": "product_name",
"name": "nodejs18"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nodejs 20.14.0-8 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nodejs 20.14.0-8 as a component of Azure Linux 3.0",
"product_id": "19608-17084"
},
"product_reference": "19608",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nodejs18 18.20.3-3 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nodejs18 18.20.3-3 as a component of CBL Mariner 2.0",
"product_id": "17280-17086"
},
"product_reference": "17280",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nodejs 20.14.0-5 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nodejs 20.14.0-5 as a component of Azure Linux 3.0",
"product_id": "17696-17084"
},
"product_reference": "17696",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nodejs18 18.20.3-6 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nodejs18 18.20.3-6 as a component of CBL Mariner 2.0",
"product_id": "19873-17086"
},
"product_reference": "19873",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19608-17084",
"17280-17086",
"17696-17084",
"19873-17086"
],
"known_affected": [
"17084-2",
"17086-4",
"17084-3",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22150 Undici Uses Insufficiently Random Values - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-22150.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-02-14T00:00:00.000Z",
"details": "20.14.0-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2",
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-02-14T00:00:00.000Z",
"details": "18.20.3-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"17084-2",
"17086-4",
"17084-3",
"17086-1"
]
}
],
"title": "Undici Uses Insufficiently Random Values"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…