Vulnerability-Lookup

RHSA-2026:2147

Vulnerability from csaf_redhat - Published: 2026-02-05 15:58 - Updated: 2026-02-05 20:07

Summary

Red Hat Security Advisory: Kiali 2.4.12 for Red Hat OpenShift Service Mesh 3.0

Notes

Topic

Kiali 2.4.12 for Red Hat OpenShift Service Mesh 3.0 This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Kiali 2.4.12, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently Security Fix(es): * kiali-ossmc-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284) * kiali-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284) * kiali-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729) * kiali-ossmc-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029) * kiali-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029) * kiali-ossmc-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465) * kiali-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Kiali 2.4.12 for Red Hat OpenShift Service Mesh 3.0\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kiali 2.4.12, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)\n\n* kiali-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)\n\n* kiali-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)\n\n* kiali-ossmc-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029)\n\n* kiali-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029)\n\n* kiali-ossmc-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)\n\n* kiali-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:2147",
        "url": "https://access.redhat.com/errata/RHSA-2026:2147"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
        "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
        "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
        "url": "https://access.redhat.com/security/cve/CVE-2026-22029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-13465",
        "url": "https://access.redhat.com/security/cve/cve-2025-13465"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-15284",
        "url": "https://access.redhat.com/security/cve/cve-2025-15284"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-61729",
        "url": "https://access.redhat.com/security/cve/cve-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2026-22029",
        "url": "https://access.redhat.com/security/cve/cve-2026-22029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2147.json"
      }
    ],
    "title": "Red Hat Security Advisory: Kiali 2.4.12 for Red Hat OpenShift Service Mesh 3.0",
    "tracking": {
      "current_release_date": "2026-02-05T20:07:14+00:00",
      "generator": {
        "date": "2026-02-05T20:07:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.1"
        }
      },
      "id": "RHSA-2026:2147",
      "initial_release_date": "2026-02-05T15:58:12+00:00",
      "revision_history": [
        {
          "date": "2026-02-05T15:58:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-05T15:58:16+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-02-05T20:07:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 3.0",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 3.0",
                  "product_id": "Red Hat OpenShift Service Mesh 3.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Ad188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140853"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ad843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140791"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Aada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140853"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140791"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140853"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ac1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140791"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140853"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140791"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
          "product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-13465",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2026-01-21T20:01:28.774829+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431740"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: prototype pollution in _.unset and _.omit functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431740",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "release_date": "2026-01-21T19:05:28.846000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:12+00:00",
          "details": "See Kiali 2.4.12 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2147"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lodash: prototype pollution in _.unset and _.omit functions"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:12+00:00",
          "details": "See Kiali 2.4.12 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2147"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:12+00:00",
          "details": "See Kiali 2.4.12 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2147"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2026-22029",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2026-01-10T04:01:03.694749+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2428412"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
          "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "RHBZ#2428412",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
        }
      ],
      "release_date": "2026-01-10T02:42:32.736000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:12+00:00",
          "details": "See Kiali 2.4.12 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2147"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:94fc56d838f03fd43cacfc219626464469fae9ebf24e10a6b2e3de710d9da268_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:c1db580dd0b4417b069cf8bc9d691047e7b31406fd75075e1e63df6ba5f1799e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:d843214da448c340907b3eee5fb95ed6937b61897c2d3d7d54f0aad1f7423a9d_amd64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f_s390x",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:6300ec1cc673e8eb40333fe98e69845c995116a5c4c80cf37f78209fc3ad1883_ppc64le",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ada195cbb75fa307fbbc82856a34991d6e88b39be01d2b0b38a4be77e1c80ebd_arm64",
            "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d188f4e95efbc9c699975ac101a746ee2ccf0313e8b6ef2834c36540ffee9b34_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
    }
  ]
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/725920
	https://go.dev/issue/76445
	https://groups.google.com/g/golang-announce/c/8FJ…
	https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13465 (GCVE-0-2025-13465)

Vulnerability from cvelistv5 – Published: 2026-01-21 19:05 – Updated: 2026-01-21 19:43

Title

Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Summary

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

openjs

References

URL

Tags

https://github.com/lodash/lodash/security/advisor…

Impacted products

Vendor

Product

Version

Lodash

Affected: 4.0.0 , ≤ 4.17.22 (semver)

Lodash-amd	Lodash-amd	Affected: 4.0.0 , ≤ 4.17.22 (semver)
lodash-es	lodash-es	Affected: 4.0.0 , ≤ 4.17.22 (semver)
lodash.unset	lodash.unset	Affected: 4.0.0

Credits

Lukas Euler Jordan Harband Michał Lipiński Ulises Gascón

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13465",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T19:43:10.513400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T19:43:38.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "packageName": "lodash",
          "product": "Lodash",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "Lodash",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "Lodash-amd",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "Lodash-amd",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "lodash-es",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "lodash-es",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "lodash.unset",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "lodash.unset",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lukas Euler"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jordan Harband"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Micha\u0142 Lipi\u0144ski"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ulises Gasc\u00f3n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eLodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the \u003ccode\u003e_.unset\u003c/code\u003e\u0026nbsp;and \u003ccode\u003e_.omit\u003c/code\u003e\u0026nbsp;functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\u003c/p\u003e\u003cp\u003eThe issue permits deletion of properties but does not allow overwriting their original behavior.\u003c/p\u003e\u003cp\u003eThis issue is patched on 4.17.23\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset\u00a0and _.omit\u00a0functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-77",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-77 Manipulating User-Controlled Variables"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T19:05:28.846Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "source": {
        "advisory": "GHSA-xxjr-mmjv-4gpg",
        "discovery": "EXTERNAL"
      },
      "title": "Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2025-13465",
    "datePublished": "2026-01-21T19:05:28.846Z",
    "dateReserved": "2025-11-20T02:16:12.128Z",
    "dateUpdated": "2026-01-21T19:43:38.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15284 (GCVE-0-2025-15284)

Vulnerability from cvelistv5 – Published: 2025-12-29 22:56 – Updated: 2025-12-30 15:57

Title

arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Summary

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable. DetailsThe arrayLimit option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoCTest 1 - Basic bypass: npm install qs const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Test 2 - DoS demonstration: const qs = require('qs'); const attack = 'a[]=' + Array(10000).fill('x').join('&a[]='); const result = qs.parse(attack, { arrayLimit: 100 }); console.log(result.a.length); // Output: 10000 (should be max 100) Configuration: * arrayLimit: 5 (test 1) or arrayLimit: 100 (test 2) * Use bracket notation: a[]=value (not indexed a[0]=value) ImpactDenial of Service via memory exhaustion. Affects applications using qs.parse() with user-controlled input and arrayLimit for protection. Attack scenario: * Attacker sends HTTP request: GET /api/search?filters[]=x&filters[]=x&...&filters[]=x (100,000+ times) * Application parses with qs.parse(query, { arrayLimit: 100 }) * qs ignores limit, parses all 100,000 elements into array * Server memory exhausted → application crashes or becomes unresponsive * Service unavailable for all users Real-world impact: * Single malicious request can crash server * No authentication required * Easy to automate and scale * Affects any endpoint parsing query strings with bracket notation

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

URL

Tags

	https://github.com/ljharb/qs/security/advisories/…	vendor-advisory
	https://github.com/ljharb/qs/commit/3086902ecf7f0…	patch

Impacted products

	Vendor	Product	Version
			Affected: < 6.14.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15284",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T14:55:26.031863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T15:57:41.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/qs",
          "defaultStatus": "affected",
          "modules": [
            "parse"
          ],
          "packageName": "qs",
          "repo": "https://github.com/ljharb/qs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.14.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.\u003cp\u003eThis issue affects qs: \u0026lt; 6.14.1.\u003c/p\u003e\u003ch3\u003e\u003cbr\u003eSummary\u003c/h3\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option in qs does not enforce limits for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e), allowing attackers to cause denial-of-service via memory exhaustion. Applications using \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;for DoS protection are vulnerable.\u003c/p\u003e\u003ch3\u003eDetails\u003c/h3\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option only checks limits for indexed notation (\u003ccode\u003ea[0]=1\u0026amp;a[1]=2\u003c/code\u003e) but completely bypasses it for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eVulnerable code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:159-162\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eif (root === \u0027[]\u0027 \u0026amp;\u0026amp; options.parseArrays) {\n    obj = utils.combine([], leaf);  // No arrayLimit check\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWorking code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:175\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eelse if (index \u0026lt;= options.arrayLimit) {  // Limit checked here\n    obj = [];\n    obj[index] = leaf;\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThe bracket notation handler at line 159 uses \u003ccode\u003eutils.combine([], leaf)\u003c/code\u003e\u0026nbsp;without validating against \u003ccode\u003eoptions.arrayLimit\u003c/code\u003e, while indexed notation at line 175 checks \u003ccode\u003eindex \u0026lt;= options.arrayLimit\u003c/code\u003e\u0026nbsp;before creating arrays.\u003c/p\u003e\u003ch3\u003ePoC\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTest 1 - Basic bypass:\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003enpm install qs\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cpre\u003econst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026amp;a[]=2\u0026amp;a[]=3\u0026amp;a[]=4\u0026amp;a[]=5\u0026amp;a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length);  // Output: 6 (should be max 5)\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eTest 2 - DoS demonstration:\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003econst qs = require(\u0027qs\u0027);\nconst attack = \u0027a[]=\u0027 + Array(10000).fill(\u0027x\u0027).join(\u0027\u0026amp;a[]=\u0027);\nconst result = qs.parse(attack, { arrayLimit: 100 });\nconsole.log(result.a.length);  // Output: 10000 (should be max 100)\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eConfiguration:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ccode\u003earrayLimit: 5\u003c/code\u003e\u0026nbsp;(test 1) or \u003ccode\u003earrayLimit: 100\u003c/code\u003e\u0026nbsp;(test 2)\u003c/li\u003e\u003cli\u003eUse bracket notation: \u003ccode\u003ea[]=value\u003c/code\u003e\u0026nbsp;(not indexed \u003ccode\u003ea[0]=value\u003c/code\u003e)\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003eDenial of Service via memory exhaustion. Affects applications using \u003ccode\u003eqs.parse()\u003c/code\u003e\u0026nbsp;with user-controlled input and \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;for protection.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttack scenario:\u003c/strong\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eAttacker sends HTTP request: \u003ccode\u003eGET /api/search?filters[]=x\u0026amp;filters[]=x\u0026amp;...\u0026amp;filters[]=x\u003c/code\u003e\u0026nbsp;(100,000+ times)\u003c/li\u003e\u003cli\u003eApplication parses with \u003ccode\u003eqs.parse(query, { arrayLimit: 100 })\u003c/code\u003e\u003c/li\u003e\u003cli\u003eqs ignores limit, parses all 100,000 elements into array\u003c/li\u003e\u003cli\u003eServer memory exhausted \u2192 application crashes or becomes unresponsive\u003c/li\u003e\u003cli\u003eService unavailable for all users\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cstrong\u003eReal-world impact:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eSingle malicious request can crash server\u003c/li\u003e\u003cli\u003eNo authentication required\u003c/li\u003e\u003cli\u003eEasy to automate and scale\u003c/li\u003e\u003cli\u003eAffects any endpoint parsing query strings with bracket notation\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummaryThe arrayLimit\u00a0option in qs does not enforce limits for bracket notation (a[]=1\u0026a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit\u00a0for DoS protection are vulnerable.\n\nDetailsThe arrayLimit\u00a0option only checks limits for indexed notation (a[0]=1\u0026a[1]=2) but completely bypasses it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === \u0027[]\u0027 \u0026\u0026 options.parseArrays) {\n    obj = utils.combine([], leaf);  // No arrayLimit check\n}\n\n\n\n\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) {  // Limit checked here\n    obj = [];\n    obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit\u00a0before creating arrays.\n\nPoCTest 1 - Basic bypass:\n\nnpm install qs\n\n\n\n\n\nconst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length);  // Output: 6 (should be max 5)\n\n\n\n\n\nTest 2 - DoS demonstration:\n\nconst qs = require(\u0027qs\u0027);\nconst attack = \u0027a[]=\u0027 + Array(10000).fill(\u0027x\u0027).join(\u0027\u0026a[]=\u0027);\nconst result = qs.parse(attack, { arrayLimit: 100 });\nconsole.log(result.a.length);  // Output: 10000 (should be max 100)\n\n\n\n\n\nConfiguration:\n\n  *  arrayLimit: 5\u00a0(test 1) or arrayLimit: 100\u00a0(test 2)\n  *  Use bracket notation: a[]=value\u00a0(not indexed a[0]=value)\n\n\nImpactDenial of Service via memory exhaustion. Affects applications using qs.parse()\u00a0with user-controlled input and arrayLimit\u00a0for protection.\n\nAttack scenario:\n\n  *  Attacker sends HTTP request: GET /api/search?filters[]=x\u0026filters[]=x\u0026...\u0026filters[]=x\u00a0(100,000+ times)\n  *  Application parses with qs.parse(query, { arrayLimit: 100 })\n  *  qs ignores limit, parses all 100,000 elements into array\n  *  Server memory exhausted \u2192 application crashes or becomes unresponsive\n  *  Service unavailable for all users\nReal-world impact:\n\n  *  Single malicious request can crash server\n  *  No authentication required\n  *  Easy to automate and scale\n  *  Affects any endpoint parsing query strings with bracket notation"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469 HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-29T22:56:45.240Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "arrayLimit bypass in bracket notation allows DoS via memory exhaustion",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-15284",
    "datePublished": "2025-12-29T22:56:45.240Z",
    "dateReserved": "2025-12-29T21:36:51.399Z",
    "dateUpdated": "2025-12-30T15:57:41.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22029 (GCVE-0-2026-22029)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:42 – Updated: 2026-01-13 04:55

Title

React Router vulnerable to XSS via Open Redirects

Summary

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

https://github.com/remix-run/react-router/securit…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	remix-run	react-router	Affected: @remix-run/router < 1.23.2 Affected: react-router >= 7.0.0, < 7.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T04:55:52.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "@remix-run/router \u003c 1.23.2"
            },
            {
              "status": "affected",
              "version": "react-router  \u003e= 7.0.0, \u003c 7.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T02:42:32.736Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
        }
      ],
      "source": {
        "advisory": "GHSA-2w69-qvjg-hvjx",
        "discovery": "UNKNOWN"
      },
      "title": "React Router vulnerable to XSS via Open Redirects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22029",
    "datePublished": "2026-01-10T02:42:32.736Z",
    "dateReserved": "2026-01-05T22:30:38.718Z",
    "dateUpdated": "2026-01-13T04:55:52.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:2147

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2025-13465 (GCVE-0-2025-13465)

CVE-2025-15284 (GCVE-0-2025-15284)

CVE-2026-22029 (GCVE-0-2026-22029)

Tags

Sightings

Nomenclature