RHSA-2025:22759
Vulnerability from csaf_redhat - Published: 2025-12-04 13:06 - Updated: 2025-12-04 17:10Summary
Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI
Notes
Topic
Updated images are now available for Red Hat OpenShift AI.
Details
Release of RHOAI 2.22.3 provides these changes:
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.22.3 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22759",
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53643",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58754",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62156",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9905",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22759.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.22.3 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2025-12-04T17:10:56+00:00",
"generator": {
"date": "2025-12-04T17:10:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:22759",
"initial_release_date": "2025-12-04T13:06:08+00:00",
"revision_history": [
{
"date": "2025-12-04T13:06:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-04T13:06:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-04T17:10:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.22",
"product": {
"name": "Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.22::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel9@sha256%3A8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764593039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel9@sha256%3A86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256%3Ac7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764181290"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel9@sha256%3Af27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609238"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feast-operator-rhel9@sha256%3A3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763051808"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_id": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-feature-server-rhel9@sha256%3Ad5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763565765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel9@sha256%3A687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel9@sha256%3A2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel9@sha256%3Ab7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609729"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel9@sha256%3A854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel9@sha256%3Af092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel9@sha256%3A46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256%3A3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-runtime-generic-rhel9@sha256%3A65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764293130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256%3A8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594321"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel9@sha256%3Abfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel9@sha256%3A974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594154"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel9@sha256%3A901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594440"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel9@sha256%3Ae0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel9@sha256%3A1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594508"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel9@sha256%3A4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel9@sha256%3Aa3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764594760"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel9@sha256%3Ae940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764609614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3Abd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Aa54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel9@sha256%3A251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764595822"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel9@sha256%3A3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1763639678"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel9@sha256%3A51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764596318"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Abbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3Af43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3A3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3A8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel9@sha256%3Afe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764637896"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel9@sha256%3A0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764665999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_id": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel9-operator@sha256%3Ab8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e?arch=arm64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.22.3-1764669148"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64 as a component of Red Hat OpenShift AI 2.22",
"product_id": "Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.22"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9905",
"cwe": {
"id": "CWE-913",
"name": "Improper Control of Dynamically-Managed Code Resources"
},
"discovery_date": "2025-09-19T09:00:54.801987+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396645"
}
],
"notes": [
{
"category": "description",
"text": "The Keras Model.load_model\u00a0method can be exploited to achieve arbitrary code execution, even with safe_mode=True.\n\nOne can create a specially crafted .h5/.hdf5\u00a0model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed.\n\nThis is achieved by crafting a special .h5\u00a0archive file that uses the Lambda\u00a0layer feature of keras which allows arbitrary Python code in the form of pickled code. The vulnerability comes from the fact that the safe_mode=True\u00a0option is not honored when reading .h5\u00a0archives.\n\nNote that the .h5/.hdf5\u00a0format is a legacy format supported by Keras 3 for backwards compatibility.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Arbitary Code execution in Keras load_model()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9905"
},
{
"category": "external",
"summary": "RHBZ#2396645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9905"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21602",
"url": "https://github.com/keras-team/keras/pull/21602"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv"
}
],
"release_date": "2025-09-19T08:16:44.772000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Arbitary Code execution in Keras load_model()"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder. This vulnerability is linked to the underlying Python tarfile weakness, identified as CVE-2025-4517.\u00a0Note that upgrading Python to one of the versions that fix CVE-2025-4517 (e.g. Python 3.13.4) is not enough. One additionally needs to upgrade Keras to a version with the fix (Keras 3.12).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, limiting the impact of exploitation attempts. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation and automated orchestration via Kubernetes minimize the likelihood of concurrent execution scenarios that would trigger the race condition and help contain the impact to a single process.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-53643",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-07-14T21:00:57.122280+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380000"
}
],
"notes": [
{
"category": "description",
"text": "A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP HTTP Request/Response Smuggling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53643"
},
{
"category": "external",
"summary": "RHBZ#2380000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53643"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a",
"url": "https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj"
}
],
"release_date": "2025-07-14T20:17:18.247000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "aiohttp: AIOHTTP HTTP Request/Response Smuggling"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58754",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-12T02:00:53.897605+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394735"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios DoS via lack of data size check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impact is limited to the application which bundles axios and not the host Red Hat system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58754"
},
{
"category": "external",
"summary": "RHBZ#2394735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58754"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/7011",
"url": "https://github.com/axios/axios/pull/7011"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.12.0",
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"release_date": "2025-09-12T01:16:40.513000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios DoS via lack of data size check"
},
{
"cve": "CVE-2025-62156",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-14T15:02:10.015356+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403800"
}
],
"notes": [
{
"category": "description",
"text": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, overrides the destination directory and causes files to be written outside the /work/tmp extraction path and into system directories such as /etc inside the container. The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. Update to 3.6.12 or 3.7.3 to remediate the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62156"
},
{
"category": "external",
"summary": "RHBZ#2403800",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403800"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993",
"url": "https://github.com/argoproj/argo-workflows/blob/946a2d6b9ac3309371fe47f49ae94c33ca7d488d/workflow/executor/executor.go#L993"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011",
"url": "https://github.com/argoproj/argo-workflows/commit/5659ad9b641fcf52c04ed594cd6493f9170f6011"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3",
"url": "https://github.com/argoproj/argo-workflows/commit/9f6bc5d236cd1b24d607943384511d71ad17a4c3"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf"
}
],
"release_date": "2025-10-14T14:52:44.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: Argo Workflows Zip Slip"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial\u2011of\u2011service for endpoints serving files (e.g., StaticFiles or any use of FileResponse). This vulnerability is fixed in 0.49.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T13:06:08+00:00",
"details": "For Red Hat OpenShift AI 2.22.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-codeflare-operator-rhel9@sha256:8b3e0152680063828a54187feec06600de866db91ab219911b1c3ab50d8b1b7c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:7908a416df1a7a29de0fc89b788c7fb8a3fba85a2e80cd93a52efcf20d0c2fdd_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:bbb139905574a6d29e855a0a6df56f71e036f3e425ee3393a70e384610939259_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-dashboard-rhel9@sha256:fe5d3cdb7fb4658dc46111d20ee03b890b438458ee7d20a55871d59a35a3b926_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel9@sha256:86ac0f8f1d05b6fb02523108448414ec494d630544b3eb6de2f1ad593e67f704_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9@sha256:c7456669d7f87f0194f4dd38559c73d75c441027c25cd487a24b25d7539f917d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel9@sha256:f27180fd3c4c24fdc014bf09554a16a598a4215d7e9d1106015d7b5e976167fe_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feast-operator-rhel9@sha256:3fa33fb9fd238dda3dd0dbc5243d0ec3e82083fb9ecf557a5f8a5b67afc77ba8_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-feature-server-rhel9@sha256:d5d52b368050d505183452f1d8b5170c86f7473fd869a886777d3bf7e48aad76_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel9@sha256:687875287e4317041637f6b47741e484df49e3b2d55ef871021e4ac9f0d99886_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel9@sha256:2d796962cc7622fcc7eb0456eb70439cbb04a5e679f7de8826416a99a9851c62_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-kueue-controller-rhel9@sha256:b7de90247a93ad5b39c83be7cea5ba4a36d1cb55a37179157433edce2d2a9c63_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel9@sha256:854eb235c46dc89cbd324d4b632ff0d07840d3e60744c66e9be8298d3d3d4631_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel9@sha256:f092ae49cdb78c33c051718472448bfd16d4d50918116b3fe988dec267abd2bb_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel9@sha256:46a17b6f764f05a7f81ce3d9c01dd24f11049bfc9f625a4953fd68f7935fe2a4_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9@sha256:3cbc5336af0b8c06c641d864d7b45ce04576e38dbc8636573abb94c37eedeb18_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel9@sha256:65a5dbc53f8f89bf05f4eac1081c022d3d7459917025c8e99a684f6be679eb98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9@sha256:8c97392bb11def5cf310f7992d19d22b4f015e0040faf0fe59044ac63c186d2f_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel9@sha256:bfa7bfad599fed7e758dcd892f6a207144070daf288339b25186f94e8b763a1b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel9@sha256:974ebc1a016a1ccac1683fee653afedd2628e2315cf2cc726b40fb5135aaca93_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0bd79a7eecc255d6d69acd0002c517652638cdf31a0014aa534bf8e3b233b667_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:0f03bb40db834eb444df20dd54473d082ccc6816df6efa0e6166dcaf8c86e3ab_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:65953d54df30fcba632c78d2bdabce81796413baeee6a826d0815df45b99d527_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-controller-rhel9@sha256:f43e263fe3aafc8db04394c9132ec7d7cc2b836fc690cd37b1a8892137ea8773_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-operator-rhel9@sha256:901efe4e9867390a89d61d5c945b72b5e2db87202c919a43579f0ca7cfa4cf96_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-model-registry-rhel9@sha256:e0a67c5465369eae8e98ccee093dd09f5ccdb445903e2aaec30c978b2b7f10f3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-rhel9@sha256:a3c3c17e6092e760923a8b68c98c6d26c30f81da2f04f0d2e9727461254c7c1a_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel9@sha256:1dd295d8062d8846ffb2534b2597e2791bd67387904b3d4ccf58cf3424d3250b_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel9@sha256:4fb05694fa67a519e11f331e3f1ccf42b1432db2f31b2a857d1f2b3e4e1bd0a3_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-notebook-controller-rhel9@sha256:e940d2ce5f41edfbf07e5ae895fa3caa446c013abd41c7cd6d2758ee7336881c_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-operator-bundle@sha256:bd589f792b321203c6ffe2bf92e47f1e3951fbd29a8be65529cc5766bff94c98_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:67e8ec35eb13e8a46a46955f33bbc8eeb18d757a5f40935219218ebb750d5eda_ppc64le",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:8b76cfe4556e2b4a8f5207304c06d7ea83992e223926b8802ddd7b2ee413431d_s390x",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:a54f8bf1f15cd0ab0a13dbb0b0d4295748e8a5ae8b938a38417d9ea5b1d78396_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-rhel9-operator@sha256:b8d56e4d1a79cf0840284ad245a86e16db33a2239fd429e38752bf4d27a7dd9e_arm64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-training-operator-rhel9@sha256:251d85ebf9721e704561b6e6a5822106887f24b0602ce50e9d70e2db1817ee7d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel9@sha256:3038dad86bc403803c630511c3808ec35ddaa3260cc1280f8f4afbf538eb507d_amd64",
"Red Hat OpenShift AI 2.22:registry.redhat.io/rhoai/odh-trustyai-service-rhel9@sha256:51d96b6945dee9049b7728f4612a01a46dd8b533bf76cced602d032ccd03f4da_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…