rhsa-2025:0892
Vulnerability from csaf_redhat
Published
2025-02-03 16:38
Modified
2025-03-30 12:18
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.18.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.18 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.18 release is based on Eclipse Che 7.95 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
The CVEs addressed in this release are:
CVE-2024-21538 - Updated cross-spawn dependency to 7.0.6 in Dev Spaces Code and Dev Spaces Dashboard.
CVE-2023-44270 - Updated PostCSS dependency to 8.4.33 in Dev Spaces Code and 8.4.49 in Dev Spaces Dashboard.
CVE-2024-45337 - Updated golang.org/x/crypto to v0.31.0 in Dev Spaces Operator.
CVE-2024-45338 - Updated the golang.org/x/net dependency to v0.33.0 in Dev Spaces Operator.
CVE-2024-45801 - Updated DOMPurify dependency to 3.1.3 in Dev Spaces Code.
CVE-2024-55565 - Updated nanoid dependency to 3.3.8 in Dev Spaces Code and Dev Spaces Dashboard.
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#devspaces
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Dev Spaces 3.18 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.18 release is based on Eclipse Che 7.95 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nThe CVEs addressed in this release are:\nCVE-2024-21538 - Updated cross-spawn dependency to 7.0.6 in Dev Spaces Code and Dev Spaces Dashboard.\nCVE-2023-44270 - Updated PostCSS dependency to 8.4.33 in Dev Spaces Code and 8.4.49 in Dev Spaces Dashboard. \nCVE-2024-45337 - Updated golang.org/x/crypto to v0.31.0 in Dev Spaces Operator.\nCVE-2024-45338 - Updated the golang.org/x/net dependency to v0.33.0 in Dev Spaces Operator.\nCVE-2024-45801 - Updated DOMPurify dependency to 3.1.3 in Dev Spaces Code.\nCVE-2024-55565 - Updated nanoid dependency to 3.3.8 in Dev Spaces Code and Dev Spaces Dashboard.\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#devspaces", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2025:0892", url: "https://access.redhat.com/errata/RHSA-2025:0892", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "2312631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312631", }, { category: "external", summary: "2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "2326998", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2326998", }, { category: "external", summary: "2331063", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331063", }, { category: "external", summary: "2331720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331720", }, { category: "external", summary: "2333122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2333122", }, { category: "external", summary: "CRW-7648", url: "https://issues.redhat.com/browse/CRW-7648", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0892.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.18.0 release", tracking: { current_release_date: "2025-03-30T12:18:01+00:00", generator: { date: "2025-03-30T12:18:01+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2025:0892", initial_release_date: "2025-02-03T16:38:18+00:00", revision_history: [ { date: "2025-02-03T16:38:18+00:00", number: "1", summary: "Initial version", }, { date: "2025-02-03T16:38:18+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-30T12:18:01+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Dev Spaces 3", product: { name: "Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_devspaces:3::el9", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Dev Spaces", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", product: { name: "devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", product_id: "devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", product_identification_helper: { purl: "pkg:oci/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485?arch=ppc64le&repository_url=registry.redhat.io/devspaces/code-rhel9&tag=3.18-6", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", product: { name: "devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", product_id: "devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", product_identification_helper: { purl: "pkg:oci/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072?arch=ppc64le&repository_url=registry.redhat.io/devspaces/configbump-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", product: { name: "devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", product_id: "devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", product_identification_helper: { purl: "pkg:oci/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86?arch=ppc64le&repository_url=registry.redhat.io/devspaces/dashboard-rhel9&tag=3.18-10", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", product: { name: "devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", product_id: "devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708?arch=ppc64le&repository_url=registry.redhat.io/devspaces/imagepuller-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", product: { name: "devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", product_id: "devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", product_identification_helper: { purl: "pkg:oci/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0?arch=ppc64le&repository_url=registry.redhat.io/devspaces/machineexec-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", product: { name: "devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", product_id: "devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.18-36", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", product: { name: "devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", product_id: "devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f?arch=ppc64le&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", product: { name: "devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", product_id: "devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator&tag=latest", }, }, }, { category: "product_version", name: "devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", product: { name: "devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", product_id: "devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", product_identification_helper: { purl: "pkg:oci/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976?arch=ppc64le&repository_url=registry.redhat.io/devspaces/server-rhel9&tag=3.18-2", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", product: { name: "devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", product_id: "devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", product_identification_helper: { purl: "pkg:oci/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000?arch=ppc64le&repository_url=registry.redhat.io/devspaces/traefik-rhel9&tag=3.18-1", }, }, }, { category: "product_version", name: "devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", product: { name: "devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", product_id: "devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", product_identification_helper: { purl: "pkg:oci/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416?arch=ppc64le&repository_url=registry.redhat.io/devspaces/udi-rhel9&tag=3.18-1", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", product: { name: "devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", product_id: "devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", product_identification_helper: { purl: "pkg:oci/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe?arch=amd64&repository_url=registry.redhat.io/devspaces/code-rhel9&tag=3.18-6", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", product: { name: "devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", product_id: "devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", product_identification_helper: { purl: "pkg:oci/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e?arch=amd64&repository_url=registry.redhat.io/devspaces/configbump-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", product: { name: "devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", product_id: "devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", product_identification_helper: { purl: "pkg:oci/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2?arch=amd64&repository_url=registry.redhat.io/devspaces/dashboard-rhel9&tag=3.18-10", }, }, }, { category: "product_version", name: "devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", product: { name: "devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", product_id: "devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", product_identification_helper: { purl: "pkg:oci/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5?arch=amd64&repository_url=registry.redhat.io/devspaces-tech-preview/idea-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", product: { name: "devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", product_id: "devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345?arch=amd64&repository_url=registry.redhat.io/devspaces/imagepuller-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", product: { name: "devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", product_id: "devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", product_identification_helper: { purl: "pkg:oci/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844?arch=amd64&repository_url=registry.redhat.io/devspaces/machineexec-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", product: { name: "devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", product_id: "devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.18-36", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", product: { name: "devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", product_id: "devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228?arch=amd64&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", product: { name: "devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", product_id: "devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator&tag=latest", }, }, }, { category: "product_version", name: "devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", product: { name: "devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", product_id: "devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", product_identification_helper: { purl: "pkg:oci/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b?arch=amd64&repository_url=registry.redhat.io/devspaces/server-rhel9&tag=3.18-2", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", product: { name: "devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", product_id: "devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", product_identification_helper: { purl: "pkg:oci/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca?arch=amd64&repository_url=registry.redhat.io/devspaces/traefik-rhel9&tag=3.18-1", }, }, }, { category: "product_version", name: "devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", product: { name: "devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", product_id: "devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", product_identification_helper: { purl: "pkg:oci/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb?arch=amd64&repository_url=registry.redhat.io/devspaces/udi-rhel9&tag=3.18-1", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", product: { name: "devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", product_id: "devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", product_identification_helper: { purl: "pkg:oci/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1?arch=s390x&repository_url=registry.redhat.io/devspaces/code-rhel9&tag=3.18-6", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", product: { name: "devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", product_id: "devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", product_identification_helper: { purl: "pkg:oci/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2?arch=s390x&repository_url=registry.redhat.io/devspaces/configbump-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", product: { name: "devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", product_id: "devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", product_identification_helper: { purl: "pkg:oci/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2?arch=s390x&repository_url=registry.redhat.io/devspaces/dashboard-rhel9&tag=3.18-10", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", product: { name: "devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", product_id: "devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040?arch=s390x&repository_url=registry.redhat.io/devspaces/imagepuller-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", product: { name: "devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", product_id: "devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", product_identification_helper: { purl: "pkg:oci/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd?arch=s390x&repository_url=registry.redhat.io/devspaces/machineexec-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", product: { name: "devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", product_id: "devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.18-36", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", product: { name: "devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", product_id: "devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004?arch=s390x&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9&tag=latest", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", product: { name: "devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", product_id: "devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator&tag=latest", }, }, }, { category: "product_version", name: "devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", product: { name: "devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", product_id: "devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", product_identification_helper: { purl: "pkg:oci/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b?arch=s390x&repository_url=registry.redhat.io/devspaces/server-rhel9&tag=3.18-2", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", product: { name: "devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", product_id: "devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", product_identification_helper: { purl: "pkg:oci/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7?arch=s390x&repository_url=registry.redhat.io/devspaces/traefik-rhel9&tag=3.18-1", }, }, }, { category: "product_version", name: "devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", product: { name: "devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", product_id: "devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", product_identification_helper: { purl: "pkg:oci/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c?arch=s390x&repository_url=registry.redhat.io/devspaces/udi-rhel9&tag=3.18-1", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", }, product_reference: "devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", }, product_reference: "devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", }, product_reference: "devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", }, product_reference: "devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", }, product_reference: "devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", }, product_reference: "devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", }, product_reference: "devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", }, product_reference: "devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", }, product_reference: "devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", }, product_reference: "devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", }, product_reference: "devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", }, product_reference: "devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", }, product_reference: "devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", }, product_reference: "devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", }, product_reference: "devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", }, product_reference: "devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", }, product_reference: "devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", }, product_reference: "devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", }, product_reference: "devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", }, product_reference: "devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", }, product_reference: "devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", }, product_reference: "devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", }, product_reference: "devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", }, product_reference: "devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", }, product_reference: "devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", }, product_reference: "devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", }, product_reference: "devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", }, product_reference: "devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", }, product_reference: "devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", }, product_reference: "devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", relates_to_product_reference: "9Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", }, product_reference: "devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", relates_to_product_reference: "9Base-RHOSDS-3", }, ], }, vulnerabilities: [ { cve: "CVE-2023-44270", cwe: { id: "CWE-93", name: "Improper Neutralization of CRLF Sequences ('CRLF Injection')", }, discovery_date: "2024-11-18T14:11:50.400987+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2326998", }, ], notes: [ { category: "description", text: "An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.", title: "Vulnerability description", }, { category: "summary", text: "PostCSS: Improper input validation in PostCSS", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", ], known_not_affected: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-44270", }, { category: "external", summary: "RHBZ#2326998", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2326998", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-44270", url: "https://www.cve.org/CVERecord?id=CVE-2023-44270", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-44270", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-44270", }, { category: "external", summary: "https://github.com/github/advisory-database/issues/2820", url: "https://github.com/github/advisory-database/issues/2820", }, { category: "external", summary: "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25", url: "https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25", }, { category: "external", summary: "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5", url: "https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5", }, { category: "external", summary: "https://github.com/postcss/postcss/releases/tag/8.4.31", url: "https://github.com/postcss/postcss/releases/tag/8.4.31", }, ], release_date: "2023-09-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-03T16:38:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:0892", }, { category: "workaround", details: "There's no known mitigation for this issue. Red Hat recommends to not parse untrusted CSS input using PostCSS.", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "PostCSS: Improper input validation in PostCSS", }, { cve: "CVE-2024-21538", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-11-08T13:44:29.182678+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2324550", }, ], notes: [ { category: "description", text: "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", title: "Vulnerability description", }, { category: "summary", text: "cross-spawn: regular expression denial of service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", ], known_not_affected: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21538", }, { category: "external", summary: "RHBZ#2324550", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2324550", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21538", url: "https://www.cve.org/CVERecord?id=CVE-2024-21538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", url: "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", url: "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", }, { category: "external", summary: "https://github.com/moxystudio/node-cross-spawn/pull/160", url: "https://github.com/moxystudio/node-cross-spawn/pull/160", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", url: "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", }, ], release_date: "2024-11-08T05:00:04.695000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-03T16:38:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:0892", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "cross-spawn: regular expression denial of service", }, { cve: "CVE-2024-45337", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2024-12-11T19:00:54.247490+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2331720", }, ], notes: [ { category: "description", text: "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application's handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 & 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", ], known_not_affected: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45337", }, { category: "external", summary: "RHBZ#2331720", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331720", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45337", url: "https://www.cve.org/CVERecord?id=CVE-2024-45337", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", }, { category: "external", summary: "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", url: "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", }, { category: "external", summary: "https://go.dev/cl/635315", url: "https://go.dev/cl/635315", }, { category: "external", summary: "https://go.dev/issue/70779", url: "https://go.dev/issue/70779", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", url: "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-3321", url: "https://pkg.go.dev/vuln/GO-2024-3321", }, ], release_date: "2024-12-11T18:55:58.506000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-03T16:38:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:0892", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", }, { cve: "CVE-2024-45338", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2024-12-18T21:00:59.938173+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2333122", }, ], notes: [ { category: "description", text: "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", ], known_not_affected: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45338", }, { category: "external", summary: "RHBZ#2333122", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2333122", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45338", url: "https://www.cve.org/CVERecord?id=CVE-2024-45338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", }, { category: "external", summary: "https://go.dev/cl/637536", url: "https://go.dev/cl/637536", }, { category: "external", summary: "https://go.dev/issue/70906", url: "https://go.dev/issue/70906", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", url: "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", }, { category: "external", summary: "https://pkg.go.dev/vuln/GO-2024-3333", url: "https://pkg.go.dev/vuln/GO-2024-3333", }, ], release_date: "2024-12-18T20:38:22.660000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-03T16:38:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:0892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", }, { cve: "CVE-2024-45801", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, discovery_date: "2024-09-16T19:20:09.863249+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2312631", }, ], notes: [ { category: "description", text: "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.", title: "Vulnerability description", }, { category: "summary", text: "dompurify: XSS vulnerability via prototype pollution", title: "Vulnerability summary", }, { category: "other", text: "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", ], known_not_affected: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45801", }, { category: "external", summary: "RHBZ#2312631", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2312631", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45801", url: "https://www.cve.org/CVERecord?id=CVE-2024-45801", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45801", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45801", }, { category: "external", summary: "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", url: "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", }, { category: "external", summary: "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", url: "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", }, { category: "external", summary: "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", url: "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", }, ], release_date: "2024-09-16T19:16:11.080000+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-03T16:38:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:0892", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", version: "3.1", }, products: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "dompurify: XSS vulnerability via prototype pollution", }, { cve: "CVE-2024-55565", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, discovery_date: "2024-12-09T02:00:45.255738+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2331063", }, ], notes: [ { category: "description", text: "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.", title: "Vulnerability description", }, { category: "summary", text: "nanoid: nanoid mishandles non-integer values", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", ], known_not_affected: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-55565", }, { category: "external", summary: "RHBZ#2331063", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2331063", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-55565", url: "https://www.cve.org/CVERecord?id=CVE-2024-55565", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", }, { category: "external", summary: "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", url: "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", }, { category: "external", summary: "https://github.com/ai/nanoid/pull/510", url: "https://github.com/ai/nanoid/pull/510", }, { category: "external", summary: "https://github.com/ai/nanoid/releases/tag/5.0.9", url: "https://github.com/ai/nanoid/releases/tag/5.0.9", }, ], release_date: "2024-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2025-02-03T16:38:18+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2025:0892", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:56808324fd8f18efcaf1143c062b4611d4daf92d2b3827b6744b7103e6862eb5_amd64", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:03465af90654f18716911c227ad49422cda691bdea686936df1d37dcc058e485_ppc64le", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:7d2e2198bc93f6955477a3ec4f63a38b78273ea1007850c48ace3bb16c9666b1_s390x", "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:90a61893d9127600dd108fedf9ee0b1fcac4502a196b8de7936589c100fc49fe_amd64", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:741e2650528085ebfe65969d5c48ab7f3f258d73f0a35e9f0ca0ff2186a64072_ppc64le", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:cb292b971baf4de9f13b913ef0f3e391c1b12919175ae9dab43d18a70f4411a2_s390x", "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:efea4d960bce51d34f2021b08ed5134f99f2bbbe759e550bf5bb4787ec40539e_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:70ac5c215c4fc78e0b89c46bfa537f9bfb835af1897708f9cb181648659311d2_amd64", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:92891c316760203637d3739fc7fe5a6801e3b11faf22b405559dc1c05adbf6b2_s390x", "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:a929eb292b97c9fc5d573a1ce5dc283268e189ec271abca29e183769b7f8ab86_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:677b3ce8d509429000a0696e05518ea9d4e69533407480b7728e523375c5303b_ppc64le", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6a70f3e63cb4d87e96f54e3f2075a7f8cacaa10c92efe71c4d4bb5a43e4f1247_s390x", "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:7d585ce8bce9b7ab571bf8a893bda495d255601e14b8a8aa516d0524545748dc_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:58218f2ce601e03f87858ada727cf52e964f0212124001740bf305dc36e67fbd_amd64", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:616fe916fe4bdf7cf26f1463b7df306bd63772eb31bdf83f70c42db9775765e5_s390x", "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:98f3e811e3c8ebec180a6dc58353f72acf0dffad608b59d091af5f1887d37e05_ppc64le", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:1aab5a0eeaf68576aa5a0793cbe220bb8a783ec5670aa46240b88530897db345_amd64", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6d121ae6d94afb5d723730e63fcd49c5cfaa1f2518cdb534215399a1f08ff040_s390x", "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:d68cced8fab3fd16ddaaf45fe0c5498b60a4a09a2b5c4e5f984529d041d13708_ppc64le", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5692486f392037c261b89bdf1004ac8982002c3c7e15cf3babcd3031970b3844_amd64", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:5cee29e36e341486bd91b8e578c9fd5a3fb657cbd6c6249dd69bb0a6e5b57dfd_s390x", "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:92c07684e0deb9c515e509853d2d58a714b655f8be48be942f1da12da5cc65e0_ppc64le", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:2d9d7bacf93ceeca7b410e16fa84cb48c5c04092ac7e5ba22681b96abd0cf228_amd64", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:98be37c2d983b7af80f0c8527d6297eaf7177ee52457979b45d13cdd27976004_s390x", "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:c57424174146743c9185105ae51c49e578a9dae1ca53375879a730704a5a686f_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:03d2025cc1fe797a3c54206cf37323e4bc6bc1c4197b70377bef7f727e33ed1b_s390x", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:15b8c0c6c6ed150183d8039fda25fa3986a55c8e7571b6d07f19eb91d51ae976_ppc64le", "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:83afeb4a5ae28f1193261a4f942c400854fc2b2148bdf38c54706e72b345786b_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:55275214e27d4620bd2e4caf7a1a24598762fc1eff67c072e9c53fff4a633dca_amd64", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:804e08e8331a96e87c20889ff7f03816d17ec35e18e0449beb8337b82aa30000_ppc64le", "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:fc0edac05e35fc4cca42cbc81979c54e4db440e340acca6c4c56dc5a3ece6cf7_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:53d4e87eb1ef3a63a42539ea20be463b3cbb76fe93a80d9dc5fb65253120402c_s390x", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:6fb45a6f9e4dd9a29e87c20b70758041f54b439cde439435aebecff002dd19fb_amd64", "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:81e13f10bfa13edbf62318ce58f93f681dc61776e5871e8710e8cf8e0cb86416_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nanoid: nanoid mishandles non-integer values", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.