Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-43512 (GCVE-0-2026-43512)
Vulnerability from cvelistv5 – Published: 2026-05-12 15:24 – Updated: 2026-05-14 19:53- CWE-592 - DEPRECATED: Authentication Bypass Issues
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.21
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.54 (semver) Affected: 9.0.0.M1 , ≤ 9.0.117 (semver) Affected: 8.5.0 , ≤ 8.5.100 (semver) Affected: 7.0.0 , ≤ 7.0.109 (semver) Unknown: 0 , < 7.0.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-12T17:40:59.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-43512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:38:42.418842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:53:34.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.21",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.54",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.117",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.109",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThan": "7.0.0",
"status": "unknown",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\u003cbr\u003eOlder unsupported versions any also be affect\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.\u003c/p\u003e"
}
],
"value": "DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\nOlder unsupported versions any also be affect\n\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-592",
"description": "CWE-592 DEPRECATED: Authentication Bypass Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T15:24:02.424Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: Digest authenticator will authenticate any unknown user",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-43512",
"datePublished": "2026-05-12T15:24:02.424Z",
"dateReserved": "2026-05-01T16:19:22.016Z",
"dateUpdated": "2026-05-14T19:53:34.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43512",
"date": "2026-07-15",
"epss": "0.01233",
"percentile": "0.65595"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43512\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-05-12T16:16:17.990\",\"lastModified\":\"2026-06-17T10:49:50.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\\nOlder unsupported versions any also be affect\\n\\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Tomcat\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"11.0.0-M1\",\"lessThanOrEqual\":\"11.0.21\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"10.1.0-M1\",\"lessThanOrEqual\":\"10.1.54\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"9.0.0.M1\",\"lessThanOrEqual\":\"9.0.117\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"8.5.0\",\"lessThanOrEqual\":\"8.5.100\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"7.0.0\",\"lessThanOrEqual\":\"7.0.109\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"7.0.0\",\"versionType\":\"semver\",\"status\":\"unknown\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-14T16:38:42.418842Z\",\"id\":\"CVE-2026-43512\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-592\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.109\",\"matchCriteriaId\":\"5BE0EC99-5BCD-4F7F-8124-4A1734B7BF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.100\",\"matchCriteriaId\":\"FF43D0D7-FBF3-4D7A-84C4-47B65A75A524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.118\",\"matchCriteriaId\":\"1E5A897C-91F4-449E-984C-7D693B137EED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.1.0\",\"versionEndExcluding\":\"10.1.55\",\"matchCriteriaId\":\"5F289287-8587-4BB3-B4AB-3B5CF4A7D27A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.0.22\",\"matchCriteriaId\":\"03FB799D-A66F-4792-A0CF-16D67BB53F08\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/12/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-06-30T17:01:13+00:00",
"cve": "CVE-2026-43512",
"id": "CVE-2026-43512",
"initial_release_date": "2026-05-12T15:24:02.424000+00:00",
"product_status:fixed": "8",
"product_status:known_affected": "4",
"product_status:known_not_affected": "79",
"product_status:under_investigation": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43512.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/12/8\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-12T17:40:59.559Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-43512\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-14T16:38:42.418842Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-14T16:39:03.516Z\"}}], \"cna\": {\"title\": \"Apache Tomcat: Digest authenticator will authenticate any unknown user\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Tomcat\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"11.0.21\"}, {\"status\": \"affected\", \"version\": \"10.1.0-M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"10.1.54\"}, {\"status\": \"affected\", \"version\": \"9.0.0.M1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.0.117\"}, {\"status\": \"affected\", \"version\": \"8.5.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.5.100\"}, {\"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0.109\"}, {\"status\": \"unknown\", \"version\": \"0\", \"lessThan\": \"7.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\\n\\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\\nOlder unsupported versions any also be affect\\n\\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\u003cbr\u003eOlder unsupported versions any also be affect\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-592\", \"description\": \"CWE-592 DEPRECATED: Authentication Bypass Issues\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-05-12T15:24:02.424Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-43512\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T19:53:34.555Z\", \"dateReserved\": \"2026-05-01T16:19:22.016Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-05-12T15:24:02.424Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
bit-tomcat-2026-43512
Vulnerability from bitnami_vulndb
DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0. Older unsupported versions any also be affect
Users are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "tomcat",
"purl": "pkg:bitnami/tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0"
},
{
"fixed": "10.1.55"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.22"
},
{
"introduced": "9.0.0"
},
{
"fixed": "9.0.118"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2026-43512"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
],
"severity": "Critical"
},
"details": "DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\nOlder unsupported versions any also be affect\n\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue.",
"id": "BIT-tomcat-2026-43512",
"modified": "2026-05-15T12:24:26.484Z",
"published": "2026-05-14T11:56:45.724Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/8"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512"
}
],
"schema_version": "1.6.2",
"summary": "Apache Tomcat: Digest authenticator will authenticate any unknown user"
}
CERTFR-2026-AVI-0577
Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13
De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.118",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.55",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.22",
"product": {
"name": "Tomcat",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
},
{
"name": "CVE-2026-41284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41284"
},
{
"name": "CVE-2026-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43514"
},
{
"name": "CVE-2026-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43513"
},
{
"name": "CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"name": "CVE-2026-42498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
},
{
"name": "CVE-2026-41293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41293"
}
],
"initial_release_date": "2026-05-13T00:00:00",
"last_revision_date": "2026-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0577",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
"vendor_advisories": [
{
"published_at": "2026-05-10",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.118",
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.118"
},
{
"published_at": "2026-05-11",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.55",
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.55"
},
{
"published_at": "2026-05-05",
"title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.22",
"url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.22"
}
]
}
CERTFR-2026-AVI-0773
Vulnerability from certfr_avis - Published: 2026-06-18 - Updated: 2026-06-18
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Service Management Data Center et Server versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Confluence | Confluence Data Center versions 10.2.x antérieures à 10.2.13 | ||
| Atlassian | Jira | Jira Software Data Center versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Jira | Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Confluence | Confluence Data Center versions 9.2.x antérieures à 9.2.21 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Jira | Jira Software Data Center versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.22 | ||
| Atlassian | Jira | Jira Service Management Data Center versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.36 | ||
| Atlassian | Jira | Jira Software Data Center et Server versions 11.3.x antérieures à 11.3.7 | ||
| Atlassian | Jira | Jira Software Data Center versions 9.12.x antérieures à 9.12.36 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Service Management Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.13",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.21",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.22",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center et Server versions 11.3.x ant\u00e9rieures \u00e0 11.3.7",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions 9.12.x ant\u00e9rieures \u00e0 9.12.36",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
},
{
"name": "CVE-2026-42211",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42211"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2026-42585",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42585"
},
{
"name": "CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"name": "CVE-2026-41284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41284"
},
{
"name": "CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"name": "CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"name": "CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"name": "CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"name": "CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2026-42038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42038"
},
{
"name": "CVE-2026-42583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42583"
},
{
"name": "CVE-2026-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43513"
},
{
"name": "CVE-2026-29129",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29129"
},
{
"name": "CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"name": "CVE-2026-42342",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42342"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2026-42264",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42264"
},
{
"name": "CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"name": "CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"name": "CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"name": "CVE-2026-42498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-34077",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34077"
},
{
"name": "CVE-2026-41293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41293"
}
],
"initial_release_date": "2026-06-18T00:00:00",
"last_revision_date": "2026-06-18T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0773",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26825",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26825"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16543",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16543"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16622",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16622"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16604",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16604"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26820",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26820"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26813",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26813"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16583",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16583"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16609",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16609"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16613",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16613"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104143",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104143"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104139",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104139"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16626",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16626"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16614",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16614"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26791",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26791"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104136",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104136"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26783",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26783"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103936",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103936"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26805",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26805"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26800",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26800"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26838",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26838"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16618",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16618"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26815",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26815"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26819",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26819"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104131",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104131"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104199",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104199"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103906",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103906"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26751",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26751"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16620",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16620"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16615",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16615"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16632",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16632"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16627",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16627"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-103468",
"url": "https://jira.atlassian.com/browse/CONFSERVER-103468"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26841",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26841"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26818",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26818"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26837",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26837"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104132",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104132"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16608",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16608"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26835",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26835"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104134",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104134"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16616",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16616"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16610",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16610"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16617",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16617"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26821",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26821"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26784",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26784"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16623",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16623"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104133",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104133"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26840",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26840"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104130",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104130"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16629",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16629"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26752",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26752"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26827",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26827"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16606",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16606"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16628",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16628"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26816",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26816"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104135",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104135"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26811",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26811"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26826",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26826"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16541",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16541"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104138",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104138"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26822",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26822"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16607",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16607"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16631",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16631"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16625",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16625"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-104171",
"url": "https://jira.atlassian.com/browse/CONFSERVER-104171"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16621",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16621"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16584",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16584"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26814",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26814"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16611",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16611"
},
{
"published_at": "2026-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26836",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26836"
}
]
}
CERTFR-2026-AVI-0877
Vulnerability from certfr_avis - Published: 2026-07-15 - Updated: 2026-07-15
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | Change and Transport System Attach Tool (ctsattach) version CTS_UPLOAD_CLT 1 sans le dernier correctif de sécurité | ||
| SAP | N/A | S/4HANA (Draft operation) version S4CORE 108 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53. 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19 et 9.20 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server Java (Web Container) version ENGINEAPI 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | SAProuter on Microsoft Windows versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, SAP_ROUTER 7.53, 7.54, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.17 et 9.18 sans le dernier correctif de sécurité | ||
| SAP | N/A | S/4HANA Project Management (PPM-PRO) versions SAP_APPL 600, 602, 603, 604, 605, 606, 617, 618, S4CORE 102, 103, 104, 105, 106, 107, 108, CPRXRPM 400, 450_700, 500_702 et 610_740 sans le dernier correctif de sécurité | ||
| SAP | N/A | S/4 HANA (Create Single Payment) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité | ||
| SAP | N/A | HANA Extended Application Services classic model (User Self Service) version HDB 2.00 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server ABAP (applications based on Business Server Pages) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 918, SAP_BASIS 919 et SAP_BASIS 920 sans le dernier correctif de sécurité | ||
| SAP | N/A | Integration Suite (Edge Integration Cell) version SAP Integration Suite (Edge Integration Cell) < 8.43.11 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver AS Java versions SERVERCORE 7.50, CORE-TOOLS 7.50 et J2EE-APPS 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | CRM (WebClient UI) versions S4FND 104, 105 et 106 sans le dernier correctif de sécurité | ||
| SAP | N/A | Fiori (launchpad) versions SAP_UI 754, 755, 756, 757, 758 et 816 sans le dernier correctif de sécurité | ||
| SAP | N/A | NetWeaver Application Server Java(Configuration Wizard) version LMCTC 7.50 sans le dernier correctif de sécurité | ||
| SAP | N/A | Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de sécurité |
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Change and Transport System Attach Tool (ctsattach) version CTS_UPLOAD_CLT 1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Draft operation) version S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53. 7.54, 7.77, 7.89, 7.93, 9.16, 9.18, 9.19 et 9.20 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server Java (Web Container) version ENGINEAPI 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAProuter on Microsoft Windows versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, SAP_ROUTER 7.53, 7.54, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, 9.17 et 9.18 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA Project Management (PPM-PRO) versions SAP_APPL 600, 602, 603, 604, 605, 606, 617, 618, S4CORE 102, 103, 104, 105, 106, 107, 108, CPRXRPM 400, 450_700, 500_702 et 610_740 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA (Create Single Payment) versions S4CORE 102, 103, 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "HANA Extended Application Services classic model (User Self Service) version HDB 2.00 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP (applications based on Business Server Pages) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 816, SAP_BASIS 918, SAP_BASIS 919 et SAP_BASIS 920 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Integration Suite (Edge Integration Cell) version SAP Integration Suite (Edge Integration Cell) \u003c 8.43.11 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS Java versions SERVERCORE 7.50, CORE-TOOLS 7.50 et J2EE-APPS 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "CRM (WebClient UI) versions S4FND 104, 105 et 106 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Fiori (launchpad) versions SAP_UI 754, 755, 756, 757, 758 et 816 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server Java(Configuration Wizard) version LMCTC 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-44761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44761"
},
{
"name": "CVE-2026-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
},
{
"name": "CVE-2026-27690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27690"
},
{
"name": "CVE-2026-44759",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44759"
},
{
"name": "CVE-2026-44745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44745"
},
{
"name": "CVE-2026-0487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0487"
},
{
"name": "CVE-2026-44771",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44771"
},
{
"name": "CVE-2026-40453",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40453"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2026-33454",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33454"
},
{
"name": "CVE-2026-24315",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24315"
},
{
"name": "CVE-2026-40128",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40128"
},
{
"name": "CVE-2026-44752",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44752"
},
{
"name": "CVE-2026-44769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44769"
},
{
"name": "CVE-2026-44760",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44760"
},
{
"name": "CVE-2026-44767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44767"
},
{
"name": "CVE-2026-58233",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-58233"
},
{
"name": "CVE-2026-40860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40860"
},
{
"name": "CVE-2026-44770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44770"
},
{
"name": "CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"name": "CVE-2026-44768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44768"
},
{
"name": "CVE-2026-44753",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44753"
},
{
"name": "CVE-2026-44747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44747"
},
{
"name": "CVE-2026-41293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41293"
}
],
"initial_release_date": "2026-07-15T00:00:00",
"last_revision_date": "2026-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0877",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection SQL (SQLi).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2026-07-14",
"title": "Bulletin de s\u00e9curit\u00e9 SAP july-2026",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2026.html"
}
]
}
FKIE_CVE-2026-43512
Vulnerability from fkie_nvd - Published: 2026-05-12 16:16 - Updated: 2026-06-17 10:49| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/05/12/8 | Mailing List, Third Party Advisory |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.21",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.54",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.117",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.100",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.109",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThan": "7.0.0",
"status": "unknown",
"version": "0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE0EC99-5BCD-4F7F-8124-4A1734B7BF6B",
"versionEndIncluding": "7.0.109",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF43D0D7-FBF3-4D7A-84C4-47B65A75A524",
"versionEndIncluding": "8.5.100",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5A897C-91F4-449E-984C-7D693B137EED",
"versionEndExcluding": "9.0.118",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F289287-8587-4BB3-B4AB-3B5CF4A7D27A",
"versionEndExcluding": "10.1.55",
"versionStartIncluding": "10.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03FB799D-A66F-4792-A0CF-16D67BB53F08",
"versionEndExcluding": "11.0.22",
"versionStartIncluding": "11.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 8.5.0 through 8.5.100, from before 7.0.0.\nOlder unsupported versions any also be affect\n\nUsers are recommended to upgrade to version 11.0.22, 10.1.55 or 9.0.118 which fix the issue."
}
],
"id": "CVE-2026-43512",
"lastModified": "2026-06-17T10:49:50.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-43512",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:38:42.418842Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-12T16:16:17.990",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/8"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-592"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-H6FC-48RJ-7QQH
Vulnerability from github – Published: 2026-05-12 18:30 – Updated: 2026-05-18 20:38Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected
Description: When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null".
Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 11.0.22 or later - Upgrade to Apache Tomcat 10.1.55 or later - Upgrade to Apache Tomcat 9.0.118 or later
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.118"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.55"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.22"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.118"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.55"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.22"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.118"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.0-M1"
},
{
"fixed": "10.1.55"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-catalina"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M1"
},
{
"fixed": "11.0.22"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43512"
],
"database_specific": {
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T20:38:27Z",
"nvd_published_at": "2026-05-12T16:16:17Z",
"severity": "CRITICAL"
},
"details": "Versions Affected:\nApache Tomcat 11.0.0-M1 to 11.0.21\nApache Tomcat 10.1.0-M1 to 10.1.54\nApache Tomcat 9.0.0.M1 to 9.0.117\nOlder, unsupported versions may also be affected\n\nDescription:\nWhen DIGEST authentication was configured, any user not known to the\nconfigured Realm would be authenticated if they presented the password\n\"null\".\n\nMitigation:\nUsers of the affected versions should apply one of the following\nmitigations:\n- Upgrade to Apache Tomcat 11.0.22 or later\n- Upgrade to Apache Tomcat 10.1.55 or later\n- Upgrade to Apache Tomcat 9.0.118 or later",
"id": "GHSA-h6fc-48rj-7qqh",
"modified": "2026-05-18T20:38:28Z",
"published": "2026-05-12T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/3d4d3fae07a6cd9c2eb193c5491001740ec64448"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/6565a6cb6499e56fe2f34457cec99f9d1c4f39e9"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/a99c355e8199adbfd67c9a1fffbd85b810b196cd"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Tomcat - Digest authenticator will authenticate any unknown user"
}
NCSC-2026-0230
Vulnerability from csaf_ncscnl - Published: 2026-07-14 13:47 - Updated: 2026-07-14 13:47SAP NetWeaver Application Server ABAP contains a memory management logical error that can be exploited by an authenticated attacker to cause memory corruption, potentially compromising data confidentiality, integrity, and system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
An HTTP Request Smuggling vulnerability in SAP Approuter enables unauthenticated attackers to cause request-response desynchronization, potentially exposing user data and disrupting system availability, affecting confidentiality and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP Commerce Cloud contains a sample OAuth2 client with publicly documented credentials, enabling unauthenticated attackers to obtain access tokens and manipulate data, compromising confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
A Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) allows unauthenticated attackers to exploit crafted HTTP logon requests to manipulate file inclusion parameters and access or modify sensitive files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Apache Camel's JMS components contain deserialization vulnerabilities allowing remote code execution via crafted ObjectMessages, affecting multiple versions including those used in SAP Integration Suite's Edge Integration Cell.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAProuter on Microsoft Windows suffers from a DLL Hijacking vulnerability that enables unauthenticated attackers to execute arbitrary code by loading malicious DLLs from untrusted locations, compromising system confidentiality, integrity, and availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP NetWeaver Application Server Java, including its Configuration Wizard, is vulnerable to Cross-Site Scripting (XSS) attacks via crafted URLs that can execute malicious JavaScript, compromising session confidentiality and altering displayed data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP Approuter contains vulnerabilities including an OAuth2 login flow flaw allowing unauthorized access via improper header validation and an Open Redirect issue, affecting confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Multiple critical vulnerabilities in Apache Tomcat versions 9.0.0.M1 to 11.0.21, including digest authentication bypass, WebDAV unbounded request sizes, HTTP/2 header validation flaws, and authorization bypass, have been addressed in updates 9.0.118, 10.1.55, and 11.0.22.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Multiple Apache Tomcat versions exhibit vulnerabilities including improper input validation, HTTP/2 header validation flaws, WebDAV request size issues, WebSocket authentication exposure, and authorization bypasses, with updates released to address these security concerns.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Apache Tomcat versions 7.0.0 to 11.0.21 have multiple security vulnerabilities including improper authorization with multiple method constraints, digest authentication bypass, HTTP/2 header validation flaws, WebDAV request size issues, and case sensitivity problems in LockOutRealm, resolved in versions 9.0.118, 10.1.55, and 11.0.22.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
The SAP Change and Transport System Attach Tool (ctsattach) contains a remote code execution vulnerability due to insecure deserialization of specially crafted archive files, enabling authenticated attackers to compromise system integrity and confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP NetWeaver Enterprise Portal is affected by a reflected Cross Site Scripting (XSS) vulnerability via URL parameters, enabling attackers to execute malicious scripts that may compromise session data and manipulate portal content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
The setThemeRoot() function contains a vulnerability that bypasses the sap-allowed-theme-origins allowlist, enabling attackers to perform cross-origin CSS injection via attacker-controlled URLs or parameters, resulting in UI redressing, phishing, and limited data exfiltration.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP S/4HANA Project Management (PPM-PRO) contains an SQL Injection vulnerability that allows high-privilege attackers to execute crafted database queries, resulting in low confidentiality impact without affecting integrity or availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
A Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP's Business Server Pages framework allows arbitrary JavaScript injection, risking session theft and unauthorized user actions with limited impact on confidentiality and integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
The SAP S/4HANA Draft operation contains a missing authorization check, allowing unauthorized users to access sensitive information and potentially escalate privileges, affecting confidentiality but not integrity or availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
The SAP S/4 HANA Create Single Payment function lacks necessary authorization checks, allowing unauthorized users to access certain entity set keys and potentially disclose sensitive information, affecting confidentiality.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP Fiori Launchpad is susceptible to malicious URL attacks that can lead to credential theft and account compromise, requiring advanced system knowledge and posing low risk to confidentiality and integrity without impacting availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP CRM WebClient UI is affected by a security misconfiguration that allows script injection due to missing Content Security Policy directives, impacting application integrity without affecting confidentiality or availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
SAP HANA Database and Extended Application Services classic model (User Self Service) contain vulnerabilities that allow unauthenticated attackers to enumerate valid user accounts and email addresses, leading to information disclosure affecting confidentiality.
CWE-204 - Observable Response Discrepancy| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Apache Log4j Core versions 2.0-beta9 through 2.25.2 have a critical vulnerability in the Socket Appender due to missing TLS hostname verification, enabling man-in-the-middle attacks, affecting multiple vendors including Oracle, IBM, NetApp, and SAP.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Multiple critical vulnerabilities in Apache Camel, including CVE-2025-27636, allow remote code execution and arbitrary file write via case-variant header injection, while HPE Telco NFV Orchestrator also contains exploitable security flaws.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
Apache Camel's Camel-Mail component and SAP Integration Suite's Edge Integration Cell contain vulnerabilities allowing attackers to inject malicious headers that can alter route behavior and application components.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
SAP / CRM WebClient UI
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Change and Transport System Attach Tool
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / HANA Database
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Application Server Java
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / S4 HANA
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Commerce Cloud
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Application Server ABAP
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP NetWeaver Enterprise Portal
|
vers:unknown/* | ||
|
vers:unknown/*
SAP / SAP Software
|
vers:unknown/* |
| URL | Category |
|---|---|
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
| https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "SAP heeft kwetsbaarheden verholpen in SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, SAP CRM WebClient UI, SAP HANA Database user self service tools, en SAP Commerce Cloud.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden betreffen diverse beveiligingsproblemen zoals:\n- geheugenbeschadiging in SAP NetWeaver Application Server ABAP\n- HTTP Request Smuggling in SAP Approuter\n- onveilige OAuth2-sample credentials in SAP Commerce Cloud\n- directory traversal in SAP NetWeaver Application Server Java\n- DLL hijacking in SAProuter op Windows.\n- Verder zijn er Cross-Site Scripting (XSS) kwetsbaarheden in SAP NetWeaver Application Server Java en Enterprise Portal en ontbrekende autorisatiecontroles in SAP S/4HANA modules.\n- SAP Change and Transport System Attach Tool is kwetsbaar voor remote code execution door onveilige deserialisatie.\n- SAP HANA user self service tools maken informatieoverdracht mogelijk zonder authenticatie.\n\nDe kwetsbaarheden kunnen leiden tot ongeautoriseerde toegang, manipulatie van data, informatielekken, en verstoring van de beschikbaarheid. Sommige kwetsbaarheden vereisen authenticatie, andere kunnen door onbevoegden worden misbruikt. Diverse kwetsbaarheden zijn specifiek voor componenten die binnen SAP-omgevingen worden gebruikt, zoals Apache Camel binnen de SAP Integration Suite en Apache Tomcat binnen SAP Commerce Cloud.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "SAP heeft updates uitgebracht om de genoemde kwetsbaarheden te verhelpen. Gebruikers van de getroffen SAP-producten wordt geadviseerd deze updates te installeren om de beveiligingsproblemen te mitigeren. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"title": "Kwetsbaarheden verholpen in SAP-producten",
"tracking": {
"current_release_date": "2026-07-14T13:47:14.712870Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0230",
"initial_release_date": "2026-07-14T13:47:14.712870Z",
"revision_history": [
{
"date": "2026-07-14T13:47:14.712870Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "CRM WebClient UI"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Change and Transport System Attach Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Commerce Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "HANA Database"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "NetWeaver Application Server ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "NetWeaver Application Server Java"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "NetWeaver Enterprise Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "S4 HANA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "SAP Commerce Cloud"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Application Server ABAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "SAP NetWeaver Enterprise Portal"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "SAP Software"
}
],
"category": "vendor",
"name": "SAP"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44747",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "SAP NetWeaver Application Server ABAP contains a memory management logical error that can be exploited by an authenticated attacker to cause memory corruption, potentially compromising data confidentiality, integrity, and system availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44747 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44747.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44747"
},
{
"cve": "CVE-2026-27690",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "description",
"text": "An HTTP Request Smuggling vulnerability in SAP Approuter enables unauthenticated attackers to cause request-response desynchronization, potentially exposing user data and disrupting system availability, affecting confidentiality and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-27690 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-27690.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-27690"
},
{
"cve": "CVE-2026-44761",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"notes": [
{
"category": "other",
"text": "Use of Default Credentials",
"title": "CWE-1392"
},
{
"category": "description",
"text": "SAP Commerce Cloud contains a sample OAuth2 client with publicly documented credentials, enabling unauthenticated attackers to obtain access tokens and manipulate data, compromising confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44761 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44761.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44761"
},
{
"cve": "CVE-2026-40128",
"cwe": {
"id": "CWE-35",
"name": "Path Traversal: \u0027.../...//\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "description",
"text": "A Directory Traversal vulnerability in SAP NetWeaver Application Server Java (Web Container) allows unauthenticated attackers to exploit crafted HTTP logon requests to manipulate file inclusion parameters and access or modify sensitive files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40128 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40128.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-40128"
},
{
"cve": "CVE-2026-40860",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Apache Camel\u0027s JMS components contain deserialization vulnerabilities allowing remote code execution via crafted ObjectMessages, affecting multiple versions including those used in SAP Integration Suite\u0027s Edge Integration Cell.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40860 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40860.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-40860"
},
{
"cve": "CVE-2026-0487",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "description",
"text": "SAProuter on Microsoft Windows suffers from a DLL Hijacking vulnerability that enables unauthenticated attackers to execute arbitrary code by loading malicious DLLs from untrusted locations, compromising system confidentiality, integrity, and availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0487 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-0487.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-0487"
},
{
"cve": "CVE-2026-44752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "SAP NetWeaver Application Server Java, including its Configuration Wizard, is vulnerable to Cross-Site Scripting (XSS) attacks via crafted URLs that can execute malicious JavaScript, compromising session confidentiality and altering displayed data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44752 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44752"
},
{
"cve": "CVE-2026-44745",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "description",
"text": "SAP Approuter contains vulnerabilities including an OAuth2 login flow flaw allowing unauthorized access via improper header validation and an Open Redirect issue, affecting confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44745 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44745.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44745"
},
{
"cve": "CVE-2026-43512",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"notes": [
{
"category": "other",
"text": "Incorrect Implementation of Authentication Algorithm",
"title": "CWE-303"
},
{
"category": "description",
"text": "Multiple critical vulnerabilities in Apache Tomcat versions 9.0.0.M1 to 11.0.21, including digest authentication bypass, WebDAV unbounded request sizes, HTTP/2 header validation flaws, and authorization bypass, have been addressed in updates 9.0.118, 10.1.55, and 11.0.22.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43512 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43512.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-43512"
},
{
"cve": "CVE-2026-41293",
"notes": [
{
"category": "description",
"text": "Multiple Apache Tomcat versions exhibit vulnerabilities including improper input validation, HTTP/2 header validation flaws, WebDAV request size issues, WebSocket authentication exposure, and authorization bypasses, with updates released to address these security concerns.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-41293 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-41293.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-41293"
},
{
"cve": "CVE-2026-43515",
"notes": [
{
"category": "description",
"text": "Apache Tomcat versions 7.0.0 to 11.0.21 have multiple security vulnerabilities including improper authorization with multiple method constraints, digest authentication bypass, HTTP/2 header validation flaws, WebDAV request size issues, and case sensitivity problems in LockOutRealm, resolved in versions 9.0.118, 10.1.55, and 11.0.22.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-43515 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-43515.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-43515"
},
{
"cve": "CVE-2026-58233",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "The SAP Change and Transport System Attach Tool (ctsattach) contains a remote code execution vulnerability due to insecure deserialization of specially crafted archive files, enabling authenticated attackers to compromise system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-58233 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-58233.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-58233"
},
{
"cve": "CVE-2026-44759",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "SAP NetWeaver Enterprise Portal is affected by a reflected Cross Site Scripting (XSS) vulnerability via URL parameters, enabling attackers to execute malicious scripts that may compromise session data and manipulate portal content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44759 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44759.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44759"
},
{
"cve": "CVE-2026-44767",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "The setThemeRoot() function contains a vulnerability that bypasses the sap-allowed-theme-origins allowlist, enabling attackers to perform cross-origin CSS injection via attacker-controlled URLs or parameters, resulting in UI redressing, phishing, and limited data exfiltration.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44767 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44767.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44767"
},
{
"cve": "CVE-2026-44769",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"title": "CWE-89"
},
{
"category": "description",
"text": "SAP S/4HANA Project Management (PPM-PRO) contains an SQL Injection vulnerability that allows high-privilege attackers to execute crafted database queries, resulting in low confidentiality impact without affecting integrity or availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44769 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44769.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44769"
},
{
"cve": "CVE-2026-44760",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "A Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP\u0027s Business Server Pages framework allows arbitrary JavaScript injection, risking session theft and unauthorized user actions with limited impact on confidentiality and integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44760 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44760.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44760"
},
{
"cve": "CVE-2026-44771",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "The SAP S/4HANA Draft operation contains a missing authorization check, allowing unauthorized users to access sensitive information and potentially escalate privileges, affecting confidentiality but not integrity or availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44771 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44771.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44771"
},
{
"cve": "CVE-2026-44770",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "The SAP S/4 HANA Create Single Payment function lacks necessary authorization checks, allowing unauthorized users to access certain entity set keys and potentially disclose sensitive information, affecting confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44770 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44770.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44770"
},
{
"cve": "CVE-2026-24315",
"cwe": {
"id": "CWE-35",
"name": "Path Traversal: \u0027.../...//\u0027"
},
"notes": [
{
"category": "other",
"text": "Path Traversal: \u0027.../...//\u0027",
"title": "CWE-35"
},
{
"category": "description",
"text": "SAP Fiori Launchpad is susceptible to malicious URL attacks that can lead to credential theft and account compromise, requiring advanced system knowledge and posing low risk to confidentiality and integrity without impacting availability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-24315 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-24315.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-24315"
},
{
"cve": "CVE-2026-44768",
"cwe": {
"id": "CWE-15",
"name": "External Control of System or Configuration Setting"
},
"notes": [
{
"category": "other",
"text": "External Control of System or Configuration Setting",
"title": "CWE-15"
},
{
"category": "description",
"text": "SAP CRM WebClient UI is affected by a security misconfiguration that allows script injection due to missing Content Security Policy directives, impacting application integrity without affecting confidentiality or availability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44768 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44768.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44768"
},
{
"cve": "CVE-2026-44753",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "description",
"text": "SAP HANA Database and Extended Application Services classic model (User Self Service) contain vulnerabilities that allow unauthenticated attackers to enumerate valid user accounts and email addresses, leading to information disclosure affecting confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-44753 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-44753.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-44753"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 through 2.25.2 have a critical vulnerability in the Socket Appender due to missing TLS hostname verification, enabling man-in-the-middle attacks, affecting multiple vendors including Oracle, IBM, NetApp, and SAP.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-40453",
"cwe": {
"id": "CWE-178",
"name": "Improper Handling of Case Sensitivity"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "description",
"text": "Multiple critical vulnerabilities in Apache Camel, including CVE-2025-27636, allow remote code execution and arbitrary file write via case-variant header injection, while HPE Telco NFV Orchestrator also contains exploitable security flaws.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-40453 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-40453.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-40453"
},
{
"cve": "CVE-2026-33454",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Use of Validation Framework",
"title": "CWE-1173"
},
{
"category": "description",
"text": "Apache Camel\u0027s Camel-Mail component and SAP Integration Suite\u0027s Edge Integration Cell contain vulnerabilities allowing attackers to inject malicious headers that can alter route behavior and application components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-33454 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-33454.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12"
]
}
],
"title": "CVE-2026-33454"
}
]
}
RHSA-2026:13745
Vulnerability from csaf_redhat - Published: 2026-05-05 13:37 - Updated: 2026-07-15 14:33A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials.
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls.
A flaw was found in Apache Tomcat. The AJP secret was comparable in non-constant time, allowing an attacker on the local network to mount a timing attack to determine the AJP secret, which may lead to unauthorized access or other security bypasses.
CWE-208 - Observable Timing DiscrepancyIn Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass intended security restrictions for information or actions within the application.
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:13745 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-43515 | external |
| https://access.redhat.com/security/cve/CVE-2026-42498 | external |
| https://access.redhat.com/security/cve/CVE-2026-43514 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-42498 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476516 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42498 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42498 | external |
| https://lists.apache.org/thread/n61zwf75jrv09rz90… | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476511 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43512 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43512 | external |
| https://lists.apache.org/thread/7x09x7o12solvclsl… | external |
| https://access.redhat.com/security/cve/CVE-2026-43514 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476512 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43514 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43514 | external |
| https://lists.apache.org/thread/2k654v5cq123npfsd… | external |
| https://access.redhat.com/security/cve/CVE-2026-43515 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476519 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43515 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43515 | external |
| https://lists.apache.org/thread/746nxfxod0wsocxtm… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntomcat11:\n * tomcat11-11.0.22-0.1.hum1 (noarch)\n * tomcat11-admin-webapps-11.0.22-0.1.hum1 (noarch)\n * tomcat11-common-11.0.22-0.1.hum1 (noarch)\n * tomcat11-docs-webapp-11.0.22-0.1.hum1 (noarch)\n * tomcat11-el-6.0-api-11.0.22-0.1.hum1 (noarch)\n * tomcat11-jsp-4.0-api-11.0.22-0.1.hum1 (noarch)\n * tomcat11-lib-11.0.22-0.1.hum1 (noarch)\n * tomcat11-servlet-6.1-api-11.0.22-0.1.hum1 (noarch)\n * tomcat11-user-instance-11.0.22-0.1.hum1 (noarch)\n * tomcat11-webapps-11.0.22-0.1.hum1 (noarch)\n * tomcat11-11.0.22-0.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:13745",
"url": "https://access.redhat.com/errata/RHSA-2026:13745"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43512",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43515",
"url": "https://access.redhat.com/security/cve/CVE-2026-43515"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42498",
"url": "https://access.redhat.com/security/cve/CVE-2026-42498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43514",
"url": "https://access.redhat.com/security/cve/CVE-2026-43514"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13745.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-15T14:33:52+00:00",
"generator": {
"date": "2026-07-15T14:33:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:13745",
"initial_release_date": "2026-05-05T13:37:49+00:00",
"revision_history": [
{
"date": "2026-05-05T13:37:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T12:31:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T14:33:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-main@noarch",
"product": {
"name": "tomcat11-main@noarch",
"product_id": "tomcat11-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat11@11.0.22-0.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat11-main@src",
"product": {
"name": "tomcat11-main@src",
"product_id": "tomcat11-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat11@11.0.22-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat11-main@noarch"
},
"product_reference": "tomcat11-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat11-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat11-main@src"
},
"product_reference": "tomcat11-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42498",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-12T16:01:38.872167+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476516"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42498"
},
{
"category": "external",
"summary": "RHBZ#2476516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476516"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb",
"url": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb"
}
],
"release_date": "2026-05-12T15:17:56.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T13:37:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13745"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication."
},
{
"cve": "CVE-2026-43512",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-12T16:01:26.008892+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476511"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password \"null\". This allows a remote attacker to bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in Apache Tomcat allows an authentication bypass when DIGEST authentication is configured. An attacker can authenticate as any unknown user by providing the password \u0027null\u0027, potentially gaining unauthorized access to applications protected by DIGEST authentication. Red Hat products are only affected if they are configured to use DIGEST authentication, which is not a common, out of the box and expected configuration for Production environments. \n\nFurthermore, because the unknown user is not mapped to any valid realm roles, their access is still restricted by standard application authorization constraints, significantly limiting the actual impact.\n\nThe unknown user is not mapped to any existing user, which means, it does not steal credentials nor impersonate an existing user. This new user is expected to have the minimum possible authentication and authorization range within the realm inherited roles.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "RHBZ#2476511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73",
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
}
],
"release_date": "2026-05-12T15:24:02.424000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T13:37:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13745"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable DIGEST authentication within Apache Tomcat if it is not essential for your environment. This involves modifying the server\u0027s authentication configuration to utilize alternative methods or remove the DIGEST realm. A service restart is required for these changes to take effect and may impact functionality relying on DIGEST authentication.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication"
},
{
"cve": "CVE-2026-43514",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-05-12T16:01:28.665836+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. The AJP secret was comparable in non-constant time, allowing an attacker on the local network to mount a timing attack to determine the AJP secret, which may lead to unauthorized access or other security bypasses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43514"
},
{
"category": "external",
"summary": "RHBZ#2476512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m",
"url": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m"
}
],
"release_date": "2026-05-12T15:32:09.858000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T13:37:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13745"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy"
},
{
"cve": "CVE-2026-43515",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-12T16:01:46.217175+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476519"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass intended security restrictions for information or actions within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: tomcat: Improper Authorization allows security bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43515"
},
{
"category": "external",
"summary": "RHBZ#2476519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb",
"url": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb"
}
],
"release_date": "2026-05-12T15:33:23.311000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T13:37:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13745"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat11-main@noarch",
"Red Hat Hardened Images:tomcat11-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: tomcat: Improper Authorization allows security bypass"
}
]
}
RHSA-2026:16528
Vulnerability from csaf_redhat - Published: 2026-05-12 20:44 - Updated: 2026-07-15 14:33A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials.
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls.
A flaw was found in Apache Tomcat. The AJP secret was comparable in non-constant time, allowing an attacker on the local network to mount a timing attack to determine the AJP secret, which may lead to unauthorized access or other security bypasses.
CWE-208 - Observable Timing DiscrepancyIn Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass intended security restrictions for information or actions within the application.
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:16528 | self |
| https://images.redhat.com/ | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/security/cve/CVE-2026-43515 | external |
| https://access.redhat.com/security/cve/CVE-2026-42498 | external |
| https://access.redhat.com/security/cve/CVE-2026-43514 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-42498 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476516 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42498 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42498 | external |
| https://lists.apache.org/thread/n61zwf75jrv09rz90… | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476511 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43512 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43512 | external |
| https://lists.apache.org/thread/7x09x7o12solvclsl… | external |
| https://access.redhat.com/security/cve/CVE-2026-43514 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476512 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43514 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43514 | external |
| https://lists.apache.org/thread/2k654v5cq123npfsd… | external |
| https://access.redhat.com/security/cve/CVE-2026-43515 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476519 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43515 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43515 | external |
| https://lists.apache.org/thread/746nxfxod0wsocxtm… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ntomcat10:\n * tomcat10-10.1.55-1.hum1 (noarch)\n * tomcat10-admin-webapps-10.1.55-1.hum1 (noarch)\n * tomcat10-common-10.1.55-1.hum1 (noarch)\n * tomcat10-docs-webapp-10.1.55-1.hum1 (noarch)\n * tomcat10-el-5.0-api-10.1.55-1.hum1 (noarch)\n * tomcat10-jsp-3.1-api-10.1.55-1.hum1 (noarch)\n * tomcat10-lib-10.1.55-1.hum1 (noarch)\n * tomcat10-servlet-6.0-api-10.1.55-1.hum1 (noarch)\n * tomcat10-user-instance-10.1.55-1.hum1 (noarch)\n * tomcat10-webapps-10.1.55-1.hum1 (noarch)\n * tomcat10-10.1.55-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16528",
"url": "https://access.redhat.com/errata/RHSA-2026:16528"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43512",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43515",
"url": "https://access.redhat.com/security/cve/CVE-2026-43515"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42498",
"url": "https://access.redhat.com/security/cve/CVE-2026-42498"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43514",
"url": "https://access.redhat.com/security/cve/CVE-2026-43514"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16528.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-15T14:33:49+00:00",
"generator": {
"date": "2026-07-15T14:33:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:16528",
"initial_release_date": "2026-05-12T20:44:29+00:00",
"revision_history": [
{
"date": "2026-05-12T20:44:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T12:31:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T14:33:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-main@noarch",
"product": {
"name": "tomcat10-main@noarch",
"product_id": "tomcat10-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat10@10.1.55-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat10-main@src",
"product": {
"name": "tomcat10-main@src",
"product_id": "tomcat10-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat10@10.1.55-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat10-main@noarch"
},
"product_reference": "tomcat10-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat10-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:tomcat10-main@src"
},
"product_reference": "tomcat10-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-42498",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-12T16:01:38.872167+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476516"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. During WebSocket authentication, the HTTP Authentication Header can be exposed to unexpected hosts. This vulnerability leads to information disclosure, potentially allowing an attacker to gain access to sensitive authentication credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42498"
},
{
"category": "external",
"summary": "RHBZ#2476516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476516"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42498"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42498"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb",
"url": "https://lists.apache.org/thread/n61zwf75jrv09rz90j4jssncm244bwdb"
}
],
"release_date": "2026-05-12T15:17:56.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:44:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16528"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: Apache Tomcat: Information disclosure due to HTTP Authentication Header exposure during WebSocket authentication."
},
{
"cve": "CVE-2026-43512",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-12T16:01:26.008892+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476511"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password \"null\". This allows a remote attacker to bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in Apache Tomcat allows an authentication bypass when DIGEST authentication is configured. An attacker can authenticate as any unknown user by providing the password \u0027null\u0027, potentially gaining unauthorized access to applications protected by DIGEST authentication. Red Hat products are only affected if they are configured to use DIGEST authentication, which is not a common, out of the box and expected configuration for Production environments. \n\nFurthermore, because the unknown user is not mapped to any valid realm roles, their access is still restricted by standard application authorization constraints, significantly limiting the actual impact.\n\nThe unknown user is not mapped to any existing user, which means, it does not steal credentials nor impersonate an existing user. This new user is expected to have the minimum possible authentication and authorization range within the realm inherited roles.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "RHBZ#2476511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73",
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
}
],
"release_date": "2026-05-12T15:24:02.424000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:44:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16528"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable DIGEST authentication within Apache Tomcat if it is not essential for your environment. This involves modifying the server\u0027s authentication configuration to utilize alternative methods or remove the DIGEST realm. A service restart is required for these changes to take effect and may impact functionality relying on DIGEST authentication.",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication"
},
{
"cve": "CVE-2026-43514",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2026-05-12T16:01:28.665836+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. The AJP secret was comparable in non-constant time, allowing an attacker on the local network to mount a timing attack to determine the AJP secret, which may lead to unauthorized access or other security bypasses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43514"
},
{
"category": "external",
"summary": "RHBZ#2476512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43514"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43514"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m",
"url": "https://lists.apache.org/thread/2k654v5cq123npfsd1b2kk1y30owqb1m"
}
],
"release_date": "2026-05-12T15:32:09.858000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:44:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16528"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat-coyote: Apache Tomcat: Information disclosure via AJP secret timing discrepancy"
},
{
"cve": "CVE-2026-43515",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-12T16:01:46.217175+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476519"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Tomcat, when multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied. A remote attacker could exploit this to bypass intended security restrictions for information or actions within the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: tomcat: Improper Authorization allows security bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43515"
},
{
"category": "external",
"summary": "RHBZ#2476519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43515"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb",
"url": "https://lists.apache.org/thread/746nxfxod0wsocxtmv8pb8nkgmwpc6bb"
}
],
"release_date": "2026-05-12T15:33:23.311000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-12T20:44:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16528"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:tomcat10-main@noarch",
"Red Hat Hardened Images:tomcat10-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: tomcat: Improper Authorization allows security bypass"
}
]
}
RHSA-2026:25123
Vulnerability from csaf_redhat - Published: 2026-06-10 19:42 - Updated: 2026-07-09 15:32A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
A flaw was found in Netty. Netty's DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
A flaw was found in Netty's HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 | — |
Workaround
|
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:25123 | self |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://access.redhat.com/security/cve/CVE-2026-42578 | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | external |
| https://access.redhat.com/security/cve/CVE-2026-6321 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-6321 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2466582 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-6321 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-6321 | external |
| https://cna.openjsf.org/security-advisories.html | external |
| https://github.com/fastify/fast-uri/security/advi… | external |
| https://access.redhat.com/security/cve/CVE-2026-42578 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477226 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42578 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42578 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42579 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477217 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42579 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42579 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42581 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477232 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42581 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42581 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42584 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477224 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42584 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42584 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-42587 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477220 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-42587 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-42587 | external |
| https://github.com/netty/netty/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2026-43512 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2476511 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-43512 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-43512 | external |
| https://lists.apache.org/thread/7x09x7o12solvclsl… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.28.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "This release provides security fixes for Dev Spaces components. \nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25123",
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.28/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42578",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42579",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42581",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42584",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42587",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-43512",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25123.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.28.2 Release.",
"tracking": {
"current_release_date": "2026-07-09T15:32:15+00:00",
"generator": {
"date": "2026-07-09T15:32:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:25123",
"initial_release_date": "2026-06-10T19:42:14+00:00",
"revision_history": [
{
"date": "2026-06-10T19:42:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-10T19:42:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-09T15:32:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.28",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.28::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Af1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaf397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Afbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ae2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ab52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Adee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Acb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ab1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Abb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Abaff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Add4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Af78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=1780937740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ac10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=1780679565"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-sshd-rhel9\u0026tag=1780678593"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=1780548550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=1780685176"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=1780573614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/jetbrains-ide-rhel9\u0026tag=1780608672"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ae9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/multicluster-redirector-rhel9\u0026tag=1780695724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Acef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/openvsx-rhel9\u0026tag=1780948325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Aa5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=1780592394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Aa062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=1780696380"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Af8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=1780694994"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=1780593759"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=1780929707"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel10\u0026tag=1780600267"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=1780601703"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.28",
"product_id": "Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.28"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6321",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-04T20:01:14.938426+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466582"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6321"
},
{
"category": "external",
"summary": "RHBZ#2466582",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
}
],
"release_date": "2026-05-04T19:31:57.253000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
},
{
"cve": "CVE-2026-42578",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-05-13T19:02:00.826936+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477226"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. The HttpProxyHandler component, which handles HTTP CONNECT requests, does not properly validate user-provided outbound headers. This allows an attacker to inject arbitrary HTTP headers into the CONNECT request sent to the proxy server. This could lead to unexpected behavior or potential bypass of security controls on the proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42578"
},
{
"category": "external",
"summary": "RHBZ#2477226",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477226"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr",
"url": "https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr"
}
],
"release_date": "2026-05-13T17:57:43.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-handler-proxy: Netty: HTTP Header Injection via HttpProxyHandler Disabled Validation"
},
{
"cve": "CVE-2026-42579",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-05-13T19:01:25.062732+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477217"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. Netty\u0027s DNS (Domain Name System) codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the encoder through user-influenced hostnames, leading to a high integrity impact on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important integrity flaw in Netty\u0027s DNS codec. The vulnerability arises from insufficient enforcement of RFC 1035 domain name constraints during both encoding and decoding, allowing remote attackers to manipulate DNS responses or user-controlled hostnames. This could lead to a high integrity impact on affected Red Hat products that utilize the vulnerable Netty DNS codec.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42579"
},
{
"category": "external",
"summary": "RHBZ#2477217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm",
"url": "https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm"
}
],
"release_date": "2026-05-13T18:01:52.500000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement"
},
{
"cve": "CVE-2026-42581",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:02:26.404511+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477232"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty\u0027s HttpObjectDecoder. A remote attacker can exploit this by sending a specially crafted HTTP/1.0 request that includes both `Transfer-Encoding: chunked` and `Content-Length` headers. While Netty correctly strips the conflicting `Content-Length` header for HTTP/1.1 messages, this guard is absent for HTTP/1.0. This can lead to HTTP request smuggling, where downstream proxies or handlers may misinterpret message boundaries, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. Netty\u0027s HttpObjectDecoder, used across various Red Hat products, improperly handles conflicting `Transfer-Encoding: chunked` and `Content-Length` headers in HTTP/1.0 requests. This allows a remote attacker to perform HTTP request smuggling, potentially bypassing security controls or gaining unauthorized access to information due to misinterpretation of message boundaries by downstream proxies or handlers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42581"
},
{
"category": "external",
"summary": "RHBZ#2477232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42581"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9",
"url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"
}
],
"release_date": "2026-05-13T17:54:44.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure any reverse proxies or load balancers in front of Netty to either reject HTTP/1.0 requests containing both Transfer-Encoding: chunked and Content-Length headers, or to explicitly prioritize the Transfer-Encoding header over Content-Length for HTTP/1.0 traffic. This ensures consistent interpretation of message boundaries and prevents request smuggling attacks.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers"
},
{
"cve": "CVE-2026-42584",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-05-13T19:01:51.846351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477224"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses (103, followed by a 200 with a GET body, then another 200 for a HEAD request) when the client pipelines GET then HEAD requests. This can cause the HttpClientCodec to incorrectly pair responses, leading to subsequent HTTP responses being parsed from the wrong offset. This issue may result in information disclosure or other data integrity problems due to misinterpretation of network traffic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Netty\u0027s HttpClientCodec allows a remote attacker to cause data confusion. By sending a specially crafted sequence of HTTP responses, an attacker can cause subsequent HTTP responses to be parsed incorrectly, potentially leading to information disclosure or data integrity issues in applications utilizing Netty for HTTP client operations. This vulnerability affects various Red Hat products that bundle Netty, including Red Hat AMQ, Enterprise Application Platform, Red Hat Build of Quarkus, and Red Hat Build of Keycloak.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42584"
},
{
"category": "external",
"summary": "RHBZ#2477224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42584"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3",
"url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"
}
],
"release_date": "2026-05-13T18:10:48.437000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion"
},
{
"cve": "CVE-2026-42587",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T19:01:35.415881+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli (br), Zstandard (zstd), or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an out-of-memory Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Netty\u0027s HTTP content decompression. A remote attacker can exploit this flaw by sending specially crafted compressed payloads using Brotli, Zstandard, or Snappy encodings, bypassing configured decompression limits. This leads to unbounded memory allocation, potentially causing an out-of-memory condition and rendering affected Red Hat systems unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42587"
},
{
"category": "external",
"summary": "RHBZ#2477220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42587"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"
}
],
"release_date": "2026-05-13T18:22:21.699000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression"
},
{
"cve": "CVE-2026-43512",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-12T16:01:26.008892+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476511"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password \"null\". This allows a remote attacker to bypass security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in Apache Tomcat allows an authentication bypass when DIGEST authentication is configured. An attacker can authenticate as any unknown user by providing the password \u0027null\u0027, potentially gaining unauthorized access to applications protected by DIGEST authentication. Red Hat products are only affected if they are configured to use DIGEST authentication, which is not a common, out of the box and expected configuration for Production environments. \n\nFurthermore, because the unknown user is not mapped to any valid realm roles, their access is still restricted by standard application authorization constraints, significantly limiting the actual impact.\n\nThe unknown user is not mapped to any existing user, which means, it does not steal credentials nor impersonate an existing user. This new user is expected to have the minimum possible authentication and authorization range within the realm inherited roles.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-43512"
},
{
"category": "external",
"summary": "RHBZ#2476511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43512"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43512"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73",
"url": "https://lists.apache.org/thread/7x09x7o12solvclslw3sz0288xc8wx73"
}
],
"release_date": "2026-05-12T15:24:02.424000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T19:42:14+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25123"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable DIGEST authentication within Apache Tomcat if it is not essential for your environment. This involves modifying the server\u0027s authentication configuration to utilize alternative methods or remove the DIGEST realm. A service restart is required for these changes to take effect and may impact functionality relying on DIGEST authentication.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:7e20cd1d638296bcab93a704bfce3ff7cf6c0f7e632e07e69fcacfedf9e8b120_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:83e1013b0ce89c1f4fc0038c1cb7eab2fd541a6fb1de6a0596fe669a76cde1f4_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:9d47eee451c3d7c7a0c2d83824849ac4053110107997a41df26fe28f9b4749de_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-rhel9@sha256:bb9e332650eb73ce20accc25d8bc73bb935e39e0bc6a9b0e7b163707ae25ce6f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:0ce3e6baa0af251b5ae5e8cc64de363aa144c420e1416a2a7bf522aefe0b6dd3_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:324758a4c214f743ba3f38eee3ae2c3f42eac80ac4c10801e103fc531d73cf51_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:82994d108c21e3f53c2d87bdec8ddcdb0c0f81c7f1ed93ac996fe83046ea8ed1_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:b1b3d7416bc5c1609fa890229fc0a0809bc1906813bb4834f57dc610f88974c1_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:5bcd49999db0f7ac5fbc2461c7ac50dec267ee8b4f64c95bdcd746188ab0bfa0_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:62ecbc41b3f1d3cd81e9593fdacac8397d1fc3f616717b247346ac218b7a2ff7_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:7ee3d2e13995479495aa2a2f3b7a8f8133f7b69d0e753b00e3fe2ee00416b3a9_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/configbump-rhel9@sha256:b52e83ecc17aefda4a83671c267b3086bb5f92d78259c3e3b2b389042bac7230_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:1cef563af30567f7aba3baeb6fa94494f93ac07350a23fabaa67d079f780f640_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ae7dc192f8ca8c78dc6eb12ef2846b45057e22e183207743aad9261fb5adcb6e_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ca07c7ae5cdcf93df21348d92c4828e4615b324f2f765907b3459f0d5090c628_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/dashboard-rhel9@sha256:dee20a799ccf5bae94ed50fd2d79ea162cd7384990427db93281fe590d6c7767_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:f78d91e983f0f8be019382c2fb620a655bf9f8204bd839e9bfb9c35e1ab8fc90_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4757ac1e8c5a53e2d9a7ce896dbcc1232806a47a29470285c6fee9778a2f0b25_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:4e4a72be08cf691ee40dc79d2e625a5b59cf709e15219537ee04a1f03a3df23e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:a5b3c16ca82c2585debbef262d8de80bb8566384c916915d9fce92d233268d1c_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:dd4b506d04a2e7be2c62c53a7e1f60fe828ba7f0fc2aab7f6a752f1a4c4e699b_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:21d1288562fc757e4714cde2c253c077fba1b7762ab4041e8b3f55d9da1e7b82_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:2423f169dcd795c9326d59d953b4507485bf2ef8971f066969dfb2ca921bdf1f_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:5e4c074f39614f529e79c8de011446a0b621fb189485eff0061f95f99f0950f8_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:f1cf981295bdfddb68c8cb83e03da7cbec9aada7dce16586a1508351b11c2e73_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0de97d2e0e6589cfd3889eca0284154e857c4deef4ab45420e0d75bfc8030252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:12a042cb9e94c6502b61c6d08a49bc8b81f8d3e23932b08c29566906508801d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:25137cf516214eac04d5f1fd2ad9a38658e8fc741600b50b4c44f00db437cf01_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:5cb0df6d628f764eead0f67206b7251b737932ae04f81dd8c1fd416d2c1be455_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:060059363ac7718e9599e0612c95b583b563fac5a6616dfecc9c42413b2a3f56_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:1bd73bae94af4a5be1b62e555df3a1b863f22c427f95d2bbbd24e4ffcce7a264_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:baff02ec968933899873d989d8faf4fb27aedcbca5406009408638678a832b96_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:e9347202b67b4a2ad17b820af7148d4473764996ce1368d5460b6fff2d79935a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:3eda021137370af8e8cf2c996a7a10733824f1d23e56534efd4f46aa40ce7777_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:af397f83a7394b676299501672623ca9c01b8351db0d73531b0bf325e55558f6_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b73dc3b1ac96a877aba609233dc0ae60685716b272e3dc1f8db59c23c438049d_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/openvsx-rhel9@sha256:cef4269f4d91814bc144c94718d6aa59c4e03eab341eebf87ec05e38e7b7e49f_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:06d061cdda5ac9ddd48647c2c86b5ceb5a5f25acc7e314ebb319a690af588209_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:80842e498a91358d73a511ec25acc2a6d26dca76c9f775108778700e8541c252_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:a062fd2a510100fc03a5f14102104a34b2e24bddc5661ac95ed39dad6a5f46b9_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:fbdf611c5aac4e33644ed8eb5a72b88b5c5a6690f24a64a3cff7002a483827d8_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:4f63b37a50013481f95ca70ea3e0baf257601aa86ba6dd3efe5ad039b3170f04_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:56f4b3132a1785e7a323fc9fb5e1d2040d30a7c8d81fd00a42d619a8881e9492_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:e2d0551322d379e77a72218fb37244f8a187e6ff52ae6f61e7b673c2c23ce39f_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/server-rhel9@sha256:f8200f2b4b8c5cb5a5aef1fa6f8f15297cb720512a0df784629129afc0d5810a_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:0912cc02b70a7cc6895cdfde15647865de99f03880715c6b8e584adf70c14707_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1d4269b06d396a7ec1e952daa47a4bd5b00915d6d0cd5a3270fe471a6a75517b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:1e2b5bff8974b54038cf635faaa293458bcfa2e75a9ee57e2712b30d9b35e0ac_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/traefik-rhel9@sha256:6798e67f7d39b831b6c947a50c4420c9d92160079bbd2d62d07b9f991be4abfd_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:1a56d8592fe048ebe0c1549ec0249a5f61842cbb5c58545649b394df98fbae06_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:224939e501ffed4ffe09a5198138486e72b04d1486787a6c4c3abee8cd7dffba_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:c10a24ed873306c38e5d7aa96d9ffa9b71b2e6dac2ee18f557af008ef460d708_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel10@sha256:cb73c78e8214996408490b36f176be3b6d0047a116f705478afd162c8260292d_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:06172d66fc92096c6d1b517ac2edfc35e06255859152ea8aa83ea57bb789bb0b_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:2268f482a70624ca1670675df27f0a6a4e7ea41669f021059ebafbc0465d5411_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:505295ab2811eb723a334501a853eb238c2ec96073f36296226d58fa12aefd3c_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-base-rhel9@sha256:93ae4574a68c0f16acf2146ab09b56e446fd012697c1194cfa9f4ac717a300c2_arm64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:2f672c4b1bc77639a5ccf2f7f923691aefe2ab2e6e76de830a0727633c80af17_s390x",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:763e7470768ecf6551d9d9af7a7a48605ceafaad3e001f48ae08ce94d6facb42_ppc64le",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:80c9c0c3aa02ae7b447c33a8bb9aff07fc243b2b484db28975b79b9007612629_amd64",
"Red Hat OpenShift Dev Spaces 3.28:registry.redhat.io/devspaces/udi-rhel9@sha256:8a4c7ae0ffaa1f6d3b87c60d27817a3d1636a5609cf159dce66d80c2f0ad6f9b_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat-coyote: Apache Tomcat: Authentication bypass via digest authentication"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.