RHSA-2025:23059
Vulnerability from csaf_redhat - Published: 2025-12-10 15:51 - Updated: 2025-12-11 18:47Summary
Red Hat Security Advisory: Red Hat Quay 3.12
Notes
Topic
Red Hat Quay 3.12 is now available with bug fixes.
Details
Quay 3.12
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23059",
"url": "https://access.redhat.com/errata/RHSA-2025:23059"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34156",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59420",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61920",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23059.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12",
"tracking": {
"current_release_date": "2025-12-11T18:47:04+00:00",
"generator": {
"date": "2025-12-11T18:47:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHSA-2025:23059",
"initial_release_date": "2025-12-10T15:51:53+00:00",
"revision_history": [
{
"date": "2025-12-10T15:51:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-10T15:52:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-11T18:47:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ac5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.12.0-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12-1765381502"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.12.0-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ab2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12-1765381502"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Abd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.12.0-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12-1765381502"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Acdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Aa71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.14-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=8.10-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=v3.12.0-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12.13-1765381502"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=3.12-1765381502"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:51:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:51:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23059"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-59420",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-09-22T18:01:35.379361+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397460"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib\u2019s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 \u201cmust\u2011understand\u201d semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed\u2011language fleets, this enables split\u2011brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib RFC violation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59420"
},
{
"category": "external",
"summary": "RHBZ#2397460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59420"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59420"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df",
"url": "https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32"
}
],
"release_date": "2025-09-22T17:28:53.869000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:51:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23059"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib RFC violation"
},
{
"cve": "CVE-2025-61920",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-10T20:01:12.833962+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2403179"
}
],
"notes": [
{
"category": "description",
"text": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib\u2019s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url\u2011encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service. Version 1.6.5 patches the issue. Some temporary workarounds are available. Enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61920"
},
{
"category": "external",
"summary": "RHBZ#2403179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2403179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61920"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e",
"url": "https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9"
}
],
"release_date": "2025-10-10T19:25:07.679000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-10T15:51:53+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23059"
},
{
"category": "workaround",
"details": "Users unable to upgrade may manually enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:11091b652f65868606c3d4d3e30a04cea7396f06f119bcd0a4cf664db2aa790e_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:212ceac279067567409c47acf7792e0c4d1955395f045e3b717040321dc1b88f_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:451da4b858587adcef52b5f1c9b7c92985bd7cc7c90f651b9e38825b81b38fb0_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:c5cb9d3d0f970ad36005f2d376547e967e4a89574cca1cf8806bb92d05199d70_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:0a978bbe91e0e0b8bab6862522f8a0aa8e974b778cc36b83f0781081621c8e23_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8b3684c92affc7acadcd5dc8eb80e5727081c7ecf4cc6eeafe5ecc5ea60970bb_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:8d474498354d438fc9deeceb3bc89649f35d4e382e930ee721059bfeaf0f8279_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ad2119941c2e8db1691a9bfee085425c7203ab00c2cdf0a6441b1102109cfd21_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:cdf96fe7a1ad4c192b4313e804d40d5c656c3f0ced498bae2427e449f0b2df02_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0c7a94928e8ef89aebdd9b30a47aaf0fe4dfb3a716603362b5c7d52255c4e842_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:1f769259f2b91d47f4d4fbf92414903a62380a358737e7100a1166ccd8c89b85_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:a71b5493009863c4f1e9ae9393ff236dc262d84ee028482ee58840fbfe392c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:bd796d2de4d02f63adc767aa22b9a388b3adea40c12b0d8f158ebffabed6fee9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:00eb13b3cccf326292589a680a964160c58f83391d0036c4ebcb34fad32b6189_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:0ca5a583ca7ff0161ed35deeae94be78adc74100d0343b778f1edf5b77e90925_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:3facbc804376b505181c2f52f0c7a433111bcedcb5699a0fcdffd7e9a2bdfbbe_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7a338bb18181535a2644bf70cae05042e1ef2af5a80e70a6cab6516e8f054896_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:53c387293b92691eb66ea73b1d29781cf275f01b4254c38e21620c0502987272_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:1b0a31b5f6d1e1493974efb8c7ca5112e6e4d8f0b8e1de8e55b7b8c1184b2293_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:33d0912dbad0b1702fd91abf87e38910d2b983334062044c292a0cb1714187a0_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7814f04947e8e98d3c4870894e320b12c557976495bdf28a89b55bf061bacf79_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b2a263d3cbf303d0dffb2c36ee2a4187c29902ce96ca1ded6f33b2edcc68fda9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:1c915a6f813564b9bf8062ea5c6a83097a8dd78a38fda0171fae9cc8d81299c7_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:37039569fe73c3975468ffb8640c42becdd9b5304fb5e54789bf59dc67c52c9b_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:4e2ef7cca978574e1715c24b9874c7a0a1a46a6319884a91fe54df06efe97df1_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:b2e2d245c7ba3d1528e73b59bad428f023eeb17a1983d61edcf6a22db58911cf_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:f960e1816f8babb590a55ccab9f2db1b567df749e73c70067269d32f6200bca6_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:30152d31da209c034ec39b52a32063437097eec9a4fac2eaf4a4110fea97cb70_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:38f094f62eed92d88eae0e7a9be410ef908bd0194b30240d49087ae76250e0ee_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4d0a86e557e93eb8e7d70d538f181c2d33176b3537fb8d9e3a1e76a16ee2eed5_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:a40309477f7286b6c00381012eec8d3ececb557a4b8db38e5b4ea7f321a17c79_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib Denial of Service"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…