Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-59420 (GCVE-0-2025-59420)
Vulnerability from cvelistv5 – Published: 2025-09-22 17:28 – Updated: 2025-11-03 17:45
VLAI?
EPSS
Summary
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T18:04:06.580297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T18:05:49.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:19.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "authlib",
"vendor": "authlib",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T17:28:53.869Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
},
{
"name": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
}
],
"source": {
"advisory": "GHSA-9ggr-2464-2j32",
"discovery": "UNKNOWN"
},
"title": "Authlib: JWS/JWT accepts unknown crit headers (RFC violation \u2192 possible authz bypass)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59420",
"datePublished": "2025-09-22T17:28:53.869Z",
"dateReserved": "2025-09-15T19:13:16.904Z",
"dateUpdated": "2025-11-03T17:45:19.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-59420\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-22T18:15:46.910\",\"lastModified\":\"2025-11-03T18:17:01.017\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.6.4\",\"matchCriteriaId\":\"02148BAC-81FF-495B-933A-98B636364E1E\"}]}]}],\"references\":[{\"url\":\"https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59420\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-22T18:04:06.580297Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-22T18:04:57.627Z\"}}], \"cna\": {\"title\": \"Authlib: JWS/JWT accepts unknown crit headers (RFC violation \\u2192 possible authz bypass)\", \"source\": {\"advisory\": \"GHSA-9ggr-2464-2j32\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"authlib\", \"product\": \"authlib\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.4\"}]}], \"references\": [{\"url\": \"https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32\", \"name\": \"https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df\", \"name\": \"https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \\u201cmust\\u2011understand\\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\\u2011language fleets, this enables split\\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-345\", \"description\": \"CWE-345: Insufficient Verification of Data Authenticity\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-22T17:28:53.869Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-59420\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-22T18:05:49.981Z\", \"dateReserved\": \"2025-09-15T19:13:16.904Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-22T17:28:53.869Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:22182
Vulnerability from csaf_redhat - Published: 2025-11-26 14:52 - Updated: 2025-12-05 06:24Summary
Red Hat Security Advisory: Red Hat Quay 3.10.16
Notes
Topic
Red Hat Quay 3.10.16 is now available with bug fixes.
Details
Quay 3.10.16
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.16 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.16",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22182",
"url": "https://access.redhat.com/errata/RHSA-2025:22182"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59420",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61920",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22182.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.16",
"tracking": {
"current_release_date": "2025-12-05T06:24:24+00:00",
"generator": {
"date": "2025-12-05T06:24:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22182",
"initial_release_date": "2025-11-26T14:52:57+00:00",
"revision_history": [
{
"date": "2025-11-26T14:52:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-26T14:53:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T06:24:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aaa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ad007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.10.16-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Acb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aa4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.10.16-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Afe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ab9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.10.16-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Af5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Afb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.10.16-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.10.17-1764168428"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T14:52:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22182"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T14:52:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22182"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T14:52:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22182"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-59420",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-09-22T18:01:35.379361+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397460"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib RFC violation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "RHBZ#2397460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df",
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
}
],
"release_date": "2025-09-22T17:28:53.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T14:52:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22182"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib RFC violation"
},
{
"cve": "CVE-2025-61920",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-10T20:01:12.833962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403179"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib\u2019s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url\u2011encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service. Version 1.6.5 patches the issue. Some temporary workarounds are available. Enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "RHBZ#2403179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e",
"url": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9"
}
],
"release_date": "2025-10-10T19:25:07.679000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-26T14:52:57+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22182"
},
{
"category": "workaround",
"details": "Users unable to upgrade may manually enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4d10cbc5518e4e6d5d2a8fc6a15afe3526865df26eaa95e265a3ece624b31e90_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:7541bf72daac1e784b5194b9c564fbc66831c6633aa7dd8eae3a7bd0c358c27e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:9eab1ead869fc65a1d3e0dd482f409f954d68361be09b230aff8d399970790de_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:fb19f8197c0b403cb25287b23e19230d986f0bd45c920672dea1bf532cabe52d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:8b475114a5f77f7c041509a30246769a5f9064510724c8fc99ac29164dc3a0bb_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:892bee6e3214a69b8924f840b69a55ac0c8d66443bf042cfa88c13766bd8dce3_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:aa126c3f4865a2a62cba2734110418c865aa2d32f38147c056732e53fc593715_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b9889747f06f6fe48cd1a79aaf6dcafcf6a9cdd2d2ad986fb10da3f2a51c103b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f55014b7e95512e2dcad9ebde4d36a39e136093ed22fc3436e66cf9b34091999_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:086f08c9878414065d1ccd65caaf2609aba4d6aa9656f4a0387134ffda0b231d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:27cd6dee034e7eaafa86c955d119b86b8454b8721131ba870a534dacae48653e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:69a3b67246d2fe32b1a1a6d726086ebd5a5f37c1ccc3c0e0021562d83caea21a_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a4cb517edd5c5a6bf9766e1fdbd9226ffce969000dc6a8070dba193299f467a9_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:55679b420af4e99bffa2ac83979bfaeb18fa2e88999be01dbb00b5912dad6f57_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:826d18a3ecd4df0c8a8d67844677b394d1f86f365141c08cda8ce0eda78f3132_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:d007cac747d974c476392a703abe053dcee0603dfc0836d180175a1e2180c02b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:f5e49246468aeaf92745e513e66224698e6a280a76a129ba91f7c41fd0be1225_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:64bad8b3369eeac99384b41984e32c85e8fdee2ae32282ca2d8e4df8b9d36df5_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:74b4b594ffab3b29043c45163245df4f47aa0dea982dcac7474f09a0f6329f24_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a97741941ab1688bec159eef3918cfceaab47263a1ff0871588cde2a16f39c27_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c0fdf2c449051a44ffbdd7794c4fd6c3d6892ad7d1e30ec9e72c97ae34053127_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d86d94c67d42f5ca58f0ea102f74499cbbd0abd0f0d4bab039557981c8c18363_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:76db6178b69a489a215a5aeb295530fe6dd35210d353103139b4c5a4bfc05565_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:073d670f841132b02663a58c8eca5f6dce09f3233d8d3a6d2d55de2e78374b6c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:2837c7bcbf44311879e67be1642b3e4e3c328da0ff138ae7def975cb169f4e03_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:98918dfb471d2c25a93a31830e308d32ba84057021c4b9312346b3f534ea0ec8_arm64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:9dd90fe106a4c25b245ef65a66d082d3addb28a06606f7a38cb12e7e35b00ce8_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:cb10c70bfb9d8dc3f7bc75506901cd84af0cd11e21883f78d651838eaa83c16c_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f5047f7dea7825a5d0ad7323f433af0ce17fea83d1d3861372edd682584bb30e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f8c677a9fc5a608bc6c1848db7e3ff906ea93cb9cbc92af3d574c3158b2af668_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:fe48d48bb338329da213a0a21d2ac706b4b731593f154d554bfd420ad21a2912_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib Denial of Service"
}
]
}
RHSA-2025:22287
Vulnerability from csaf_redhat - Published: 2025-11-27 14:54 - Updated: 2025-12-05 06:24Summary
Red Hat Security Advisory: Red Hat Quay 3.9
Notes
Topic
Red Hat Quay 3.9 is now available with bug fixes.
Details
Quay 3.9
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22287",
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45337",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59420",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61920",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22287.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9",
"tracking": {
"current_release_date": "2025-12-05T06:24:25+00:00",
"generator": {
"date": "2025-12-05T06:24:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22287",
"initial_release_date": "2025-11-27T14:54:51+00:00",
"revision_history": [
{
"date": "2025-11-27T14:54:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-27T14:54:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-05T06:24:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.9.0-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ace217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Aad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.9.0-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adecf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.9.0-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ab6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.9.0-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9.17-1764254756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.9-1764254756"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-27T14:54:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-27T14:54:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-27T14:54:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2025-59420",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-09-22T18:01:35.379361+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397460"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib RFC violation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "RHBZ#2397460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df",
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
}
],
"release_date": "2025-09-22T17:28:53.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-27T14:54:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib RFC violation"
},
{
"cve": "CVE-2025-61920",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-10T20:01:12.833962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403179"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib\u2019s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url\u2011encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service. Version 1.6.5 patches the issue. Some temporary workarounds are available. Enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "RHBZ#2403179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e",
"url": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9"
}
],
"release_date": "2025-10-10T19:25:07.679000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-27T14:54:51+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22287"
},
{
"category": "workaround",
"details": "Users unable to upgrade may manually enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:02ced94ebfcce3e21bcc71af6aa1c11db50822c91dd05cec4fb41a34e6669112_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:42a67bb2e5ab681eadc253b413f0bf557d63f282f270e6064f5768fecf6886e5_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:880c746eb5822f68e41ca7b60d97799115c30f39bdc7e458f7a4101e2af36c8c_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:ad995b723102f4472e4190257b61582de5c6b058b908bcee7cebe683ae77be75_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:49db4fa7375da6397c45b6c09e10e20f5855348e21812d64474c3adec7f1cbdd_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:235d66a1ef93f2ae13266709a30698d444d6e481b8edbdb252d49d9aea4b76ce_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26a27da8aa0da9a6673907fe35de61cc93932386070dc3d7ad348e8c086b19d7_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:97dd28bc0b588ffc8fd9a171a946580c0572eb6fb34c85d5e1b799a12cf22574_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b6179970b9060f74475ccd25cbb8f8a098ed5e71afb444058156e91e8a51d5a9_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:60638663af472a24a79cc4a6ec7d4d78a3d10b0e09eec80f6da6855277ff139b_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8ca3e5903314362c191c6acd1d3865436d85daf50e284760da21e28f473a8ee5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:9a8d1b2e4b0497f96cbbdfa90d96239da9da8329917adca696ea6f0e20d2c2c0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c622550fb4630be48a1a6e1a8f9337718e4f934b5e5cd23bcc4300beb03eeeae_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:76dd5f7b326afb6c72515daed8e65331f98cb7ad514612c06c85f14de6b525e4_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:7cfa21df6e22c2157d2eb65b5e226863a121c8e661a1869b585ca0656fb6013a_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:9b69aadfde5c4cbde98f496c54ce396d1daa5277b8f59577f22855345604442e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:decf4b7e1917a2c551ea095c9798a65237879369e9f736a44b885e2589e5c05b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:878b011b86512d01021feb10cdd54608a3ab68d2f3db5a1d53ce8feaa9e56878_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:54003d9396862c6e3b675455ac8c0159662a6640bb889ffb34516d2d091275de_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5f2ba97f71eefadd2a84b031e536619dcf1a0b76ae9225592c05b99ec87ca9dc_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:8458e32483b897e156a5688ec6d96af2ff897e8c14dafb396c945f7c76b4c368_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ac042b538a7498bf3020c20234966fdbc9b6817aae343985f3bf8ba9fcfdb6d6_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:ce217da657cabd3cf9beaff3a3b096309738c33932f2ad33d46b03870598f0c4_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:278facca3eaf0c2091ad8575e85ac03aef6e8a52227511e7ee5f62bc2842dac8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:71a6e23a69d7c4723a2653f630c8b02057545c1be65e5f4401490f0364f0d43c_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6e6c1f865e6c3e237c36bbb58b3c0e533171303e21cbe4d829d05b497fcd5c7_arm64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f4ab11e6a09b983a4af87723877338a79b45c36b3848b0e8032963a330d98467_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:628dd4acfe11aef376cc6d75dc7c337c1e487113c2e78e003a3377472b22f488_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:a6813e5bf29916abf84b2d120a30cda07edf06f735c860ee4d0510ed0c59633b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c7c6fe7ff2592c0fdf51d6e3b0ce657dffcd131c60c00ce680acd89c5c286cee_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f0814d33be7a101b6326fb8a536efc0fe66df764d1efa8ddda021e90e61afda9_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib Denial of Service"
}
]
}
GHSA-9GGR-2464-2J32
Vulnerability from github – Published: 2025-09-22 14:42 – Updated: 2025-11-03 18:31
VLAI?
Summary
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
Details
Summary
Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation.
Affected Component and Versions
- Library: Authlib (JWS verification)
- API:
authlib.jose.JsonWebSignature.deserialize_compact(...) - Version tested: 1.6.3
- Configuration: Default; no allowlist or special handling for
crit
Details
RFC 7515 (JWS) §4.1.11 defines crit as a “must‑understand” list: recipients MUST understand and enforce every header parameter listed in crit, otherwise they MUST reject the token. Security‑sensitive semantics such as token binding (e.g., cnf from RFC 7800) are often conveyed via crit.
Observed behavior with Authlib 1.6.3:
- When a compact JWS contains a protected header with crit: ["cnf"] and a cnf object, or crit: ["bork"] with an unknown parameter, Authlib verifies the signature and returns the payload without rejecting the token or enforcing semantics of the critical parameter.
- By contrast, Java Nimbus JOSE+JWT (9.37.x) and Node jose v5 both reject such tokens by default when crit lists unknown names.
Impact in heterogeneous fleets:
- A strict ingress/gateway (Nimbus/Node) rejects a token, but a lenient Python microservice (Authlib) accepts the same token. This split‑brain acceptance bypasses intended security policies and can enable replay or privilege escalation if crit carries binding or policy information.
Proof of Concept (PoC)
This repository provides a multi‑runtime PoC demonstrating the issue across Python (Authlib), Node (jose v5), and Java (Nimbus).
Prerequisites
- Python 3.8+
- Node.js 18+
- Java 11+ with Maven
Setup
Enter the directory authlib-crit-bypass-poc & run following commands.
make setup
make tokens
Tokens minted
tokens/unknown_crit.jwtwith protected header:{ "alg": "HS256", "crit": ["bork"], "bork": "x" }tokens/cnf_header.jwtwith protected header:{ "alg": "HS256", "crit": ["cnf"], "cnf": {"jkt": "thumb-42"} }
Reproduction
Run the cross‑runtime demo:
make demo
Expected output for each token (strict verifiers reject; Authlib accepts):
For tokens/unknown_crit.jwt:
Strict(Nimbus): REJECTED (unknown critical header: bork)
Strict(Node jose): REJECTED (unrecognized crit)
Lenient(Authlib): ACCEPTED -> payload={'sub': '123', 'role': 'user'}
For tokens/cnf_header.jwt:
Strict(Nimbus): REJECTED (unknown critical header: cnf)
Strict(Node jose): REJECTED (unrecognized crit)
Lenient(Authlib): ACCEPTED -> payload={'sub': '123', 'role': 'user'}
Environment notes:
- Authlib version used: 1.6.3 (from PyPI)
- Node jose version: ^5
- Nimbus JOSE+JWT version: 9.37.x
- HS256 secret is 32 bytes to satisfy strict verifiers: 0123456789abcdef0123456789abcdef
Impact
- Class: Violation of JWS
crit“must‑understand” semantics; specification non‑compliance leading to authentication/authorization policy bypass. - Who is impacted: Any service that relies on
critto carry mandatory security semantics (e.g., token binding viacnf) or operates in a heterogeneous fleet with strict verifiers elsewhere. - Consequences: Split‑brain acceptance (gateway rejects while a backend accepts), replay, or privilege escalation if critical semantics are ignored.
References
- RFC 7515: JSON Web Signature (JWS), §4.1.11
crit - RFC 7800: Proof‑of‑Possession Key Semantics for JWTs (
cnf)
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "authlib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59420"
],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-22T14:42:12Z",
"nvd_published_at": "2025-09-22T18:15:46Z",
"severity": "HIGH"
},
"details": "## Summary\nAuthlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (`crit`), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, `bork` or `cnf`) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation.\n\n## Affected Component and Versions\n- Library: Authlib (JWS verification)\n- API: `authlib.jose.JsonWebSignature.deserialize_compact(...)`\n- Version tested: 1.6.3\n- Configuration: Default; no allowlist or special handling for `crit`\n\n## Details\nRFC 7515 (JWS) \u00a74.1.11 defines `crit` as a \u201cmust\u2011understand\u201d list: recipients MUST understand and enforce every header parameter listed in `crit`, otherwise they MUST reject the token. Security\u2011sensitive semantics such as token binding (e.g., `cnf` from RFC 7800) are often conveyed via `crit`.\n\nObserved behavior with Authlib 1.6.3:\n- When a compact JWS contains a protected header with `crit: [\"cnf\"]` and a `cnf` object, or `crit: [\"bork\"]` with an unknown parameter, Authlib verifies the signature and returns the payload without rejecting the token or enforcing semantics of the critical parameter.\n- By contrast, Java Nimbus JOSE+JWT (9.37.x) and Node `jose` v5 both reject such tokens by default when `crit` lists unknown names.\n\nImpact in heterogeneous fleets:\n- A strict ingress/gateway (Nimbus/Node) rejects a token, but a lenient Python microservice (Authlib) accepts the same token. This split\u2011brain acceptance bypasses intended security policies and can enable replay or privilege escalation if `crit` carries binding or policy information.\n\n## Proof of Concept (PoC)\nThis repository provides a multi\u2011runtime PoC demonstrating the issue across Python (Authlib), Node (`jose` v5), and Java (Nimbus).\n\n### Prerequisites\n- Python 3.8+\n- Node.js 18+\n- Java 11+ with Maven\n\n### Setup\n\nEnter the directory **authlib-crit-bypass-poc** \u0026 run following commands.\n```bash\nmake setup\nmake tokens\n```\n\n### Tokens minted\n- `tokens/unknown_crit.jwt` with protected header:\n `{ \"alg\": \"HS256\", \"crit\": [\"bork\"], \"bork\": \"x\" }`\n- `tokens/cnf_header.jwt` with protected header:\n `{ \"alg\": \"HS256\", \"crit\": [\"cnf\"], \"cnf\": {\"jkt\": \"thumb-42\"} }`\n\n### Reproduction\nRun the cross\u2011runtime demo:\n```bash\nmake demo\n```\n\nExpected output for each token (strict verifiers reject; Authlib accepts):\n\nFor `tokens/unknown_crit.jwt`:\n```\nStrict(Nimbus): REJECTED (unknown critical header: bork)\nStrict(Node jose): REJECTED (unrecognized crit)\nLenient(Authlib): ACCEPTED -\u003e payload={\u0027sub\u0027: \u0027123\u0027, \u0027role\u0027: \u0027user\u0027}\n```\n\nFor `tokens/cnf_header.jwt`:\n```\nStrict(Nimbus): REJECTED (unknown critical header: cnf)\nStrict(Node jose): REJECTED (unrecognized crit)\nLenient(Authlib): ACCEPTED -\u003e payload={\u0027sub\u0027: \u0027123\u0027, \u0027role\u0027: \u0027user\u0027}\n```\n\nEnvironment notes:\n- Authlib version used: `1.6.3` (from PyPI)\n- Node `jose` version: `^5`\n- Nimbus JOSE+JWT version: `9.37.x`\n- HS256 secret is 32 bytes to satisfy strict verifiers: `0123456789abcdef0123456789abcdef`\n\n## Impact\n- Class: Violation of JWS `crit` \u201cmust\u2011understand\u201d semantics; specification non\u2011compliance leading to authentication/authorization policy bypass.\n- Who is impacted: Any service that relies on `crit` to carry mandatory security semantics (e.g., token binding via `cnf`) or operates in a heterogeneous fleet with strict verifiers elsewhere.\n- Consequences: Split\u2011brain acceptance (gateway rejects while a backend accepts), replay, or privilege escalation if critical semantics are ignored.\n\n## References\n- RFC 7515: JSON Web Signature (JWS), \u00a74.1.11 `crit`\n- RFC 7800: Proof\u2011of\u2011Possession Key Semantics for JWTs (`cnf`)",
"id": "GHSA-9ggr-2464-2j32",
"modified": "2025-11-03T18:31:42Z",
"published": "2025-09-22T14:42:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
},
{
"type": "WEB",
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"type": "PACKAGE",
"url": "https://github.com/authlib/authlib"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authlib: JWS/JWT accepts unknown crit headers (RFC violation \u2192 possible authz bypass)"
}
FKIE_CVE-2025-59420
Vulnerability from fkie_nvd - Published: 2025-09-22 18:15 - Updated: 2025-11-03 18:17
Severity ?
Summary
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02148BAC-81FF-495B-933A-98B636364E1E",
"versionEndExcluding": "1.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4."
}
],
"id": "CVE-2025-59420",
"lastModified": "2025-11-03T18:17:01.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-22T18:15:46.910",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
},
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…