Vulnerability-Lookup

RHSA-2026:0761

Vulnerability from csaf_redhat - Published: 2026-01-19 03:34 - Updated: 2026-01-19 16:20

Summary

Red Hat Security Advisory: Red Hat build of Cryostat security update

Notes

Topic

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Security Fix(es): * lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566) * qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "An update is now available for the Red Hat build of Cryostat 4 on RHEL 9.\n\nSecurity Fix(es):\n\n* lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566)\n* qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0761",
        "url": "https://access.redhat.com/errata/RHSA-2026:0761"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2419500",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419500"
      },
      {
        "category": "external",
        "summary": "2425946",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0761.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
    "tracking": {
      "current_release_date": "2026-01-19T16:20:53+00:00",
      "generator": {
        "date": "2026-01-19T16:20:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2026:0761",
      "initial_release_date": "2026-01-19T03:34:11+00:00",
      "revision_history": [
        {
          "date": "2026-01-19T03:34:11+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-19T03:34:11+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-19T16:20:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 4 on RHEL 9",
                "product": {
                  "name": "Cryostat 4 on RHEL 9",
                  "product_id": "9Base-Cryostat-4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
                "product": {
                  "name": "cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
                  "product_id": "cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.6.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
                "product": {
                  "name": "cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
                  "product_id": "cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
                "product": {
                  "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
                  "product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
                "product": {
                  "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
                  "product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
                "product": {
                  "name": "cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
                  "product_id": "cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
                "product": {
                  "name": "cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
                  "product_id": "cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
                "product": {
                  "name": "cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
                  "product_id": "cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
                "product": {
                  "name": "cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
                  "product_id": "cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
                "product": {
                  "name": "cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
                  "product_id": "cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
                "product": {
                  "name": "cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
                  "product_id": "cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.1.0-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
                "product": {
                  "name": "cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
                  "product_id": "cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.6.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
                "product": {
                  "name": "cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
                  "product_id": "cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
                "product": {
                  "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
                  "product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
                "product": {
                  "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
                  "product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
                "product": {
                  "name": "cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
                  "product_id": "cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
                "product": {
                  "name": "cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
                  "product_id": "cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
                "product": {
                  "name": "cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
                  "product_id": "cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.1.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
                "product": {
                  "name": "cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
                  "product_id": "cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
                "product": {
                  "name": "cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
                  "product_id": "cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.1.0-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64",
                "product": {
                  "name": "cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64",
                  "product_id": "cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.1.0-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64"
        },
        "product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64"
        },
        "product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64"
        },
        "product_reference": "cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64"
        },
        "product_reference": "cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64"
        },
        "product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64"
        },
        "product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64"
        },
        "product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64"
        },
        "product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64"
        },
        "product_reference": "cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64"
        },
        "product_reference": "cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64"
        },
        "product_reference": "cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64"
        },
        "product_reference": "cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64"
        },
        "product_reference": "cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64"
        },
        "product_reference": "cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64"
        },
        "product_reference": "cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64"
        },
        "product_reference": "cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64"
        },
        "product_reference": "cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64"
        },
        "product_reference": "cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64"
        },
        "product_reference": "cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
        },
        "product_reference": "cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64"
        ],
        "known_not_affected": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-19T03:34:11+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0761"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2025-66566",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "discovery_date": "2025-12-05T19:00:50.134024+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419500"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated IMPORTANT because it allows for information disclosure when Java-based decompressor implementations reuse output buffers without proper clearing, potentially exposing sensitive data via crafted compressed input. JNI-based implementations of lz4-java are not affected by this issue.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
        ],
        "known_not_affected": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66566"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419500",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419500"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66566",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66566"
        },
        {
          "category": "external",
          "summary": "https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840",
          "url": "https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840"
        },
        {
          "category": "external",
          "summary": "https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q",
          "url": "https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q"
        }
      ],
      "release_date": "2025-12-05T18:10:16.470000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-19T03:34:11+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0761"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:47f169436c4a6e40c8e829af7e753e481b5e672ca24b59971a2914807e968bc7_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:85f9a6db86ade5099c06d162d6affcd65f117f8449e3f18df628a89ba90e7eb1_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:58a80ea179c75c8cfba9c1171930c647f8b1da4f6720925166ba88debb562f68_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:5abe74e5e4e6c0272cb013786441d99f3c182f56e120f8db68bfa2288a2b0741_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:30742c883d8b607beace385e79829d3e954b222e973ebda2ebbe80d05b89df4a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:449cdba9e4b8d185a14530cb4877532a6e8dccbd9892862f03caffd3255e7d4d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:42ad2b45f4837a3a7145bb5465193c0fbd0f9a19cd084319ae3cec2c044d7749_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:d5052b06326f477548bc4e5d0b941040dd8263e5f1d431dca86cc1d19cdfb227_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:3990bc1d5cdbba8a52bfd6e22811d056b122e3d0e423eb9fd6480ac02f56a8bc_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:bde9b20b5563b1f76e64adfd16325158dd4d6a3d7f5cc6bb114c11e6bdf8d863_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:0dc529cfd1c5b62bab2b45a002029260ee1add496bf771ddf430d7f2388a3a3c_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:3ba64d19551ff3ebfe9fd9939e0fd338135addb278c29f32c6d3dbdfba72c682_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:1faf17c23b013dff6ef9967fb12c35df9cb44c816ad2422ddf028006c35ee003_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:9e066a2c850468e029b0b0c78857a96d71f4ed005a1b29b903f47dcd74e308ce_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:89580204b1fb3c1df3fcccb6b22cf47f4b5a7f76cc779984274c72b24c9d0f37_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:b15d84cdd4f637461f3776b3170f80f330da4fffede49aec08bae13031e3d89a_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:2309b2886630d23f88c169d53a0213547d1ad42d337c77332dcb279ee31c6c3f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:e421d42889a7f26d7023c6d13cf24f299a76967fa3c89bf7a7aaa226fe5fd5fb_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3ba904612846ada1e6fc3d48e35c33642b93030a41dd148e7fac998ba59ab960_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:3e9168fa43bfd9af8c55c73b45359c06ad65cd22d10770ba5c75fe83d0c5f948_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing"
    }
  ]
}

CVE-2025-15284 (GCVE-0-2025-15284)

Vulnerability from cvelistv5 – Published: 2025-12-29 22:56 – Updated: 2025-12-30 15:57

Title

arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Summary

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable. DetailsThe arrayLimit option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoCTest 1 - Basic bypass: npm install qs const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Test 2 - DoS demonstration: const qs = require('qs'); const attack = 'a[]=' + Array(10000).fill('x').join('&a[]='); const result = qs.parse(attack, { arrayLimit: 100 }); console.log(result.a.length); // Output: 10000 (should be max 100) Configuration: * arrayLimit: 5 (test 1) or arrayLimit: 100 (test 2) * Use bracket notation: a[]=value (not indexed a[0]=value) ImpactDenial of Service via memory exhaustion. Affects applications using qs.parse() with user-controlled input and arrayLimit for protection. Attack scenario: * Attacker sends HTTP request: GET /api/search?filters[]=x&filters[]=x&...&filters[]=x (100,000+ times) * Application parses with qs.parse(query, { arrayLimit: 100 }) * qs ignores limit, parses all 100,000 elements into array * Server memory exhausted → application crashes or becomes unresponsive * Service unavailable for all users Real-world impact: * Single malicious request can crash server * No authentication required * Easy to automate and scale * Affects any endpoint parsing query strings with bracket notation

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

URL

	Vendor	Product	Version
			Affected: < 6.14.1 (semver)

CVE-2025-66566 (GCVE-0-2025-66566)

Vulnerability from cvelistv5 – Published: 2025-12-05 18:10 – Updated: 2025-12-05 18:27

Title

yawkat LZ4 Java has a possible information leak in Java safe decompressor

Summary

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-201 - Insertion of Sensitive Information Into Sent Data

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	yawkat	lz4-java	Affected: < 1.10.1

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:0761

CVE-2025-15284 (GCVE-0-2025-15284)

CVE-2025-66566 (GCVE-0-2025-66566)

Tags

Sightings

Nomenclature