Vulnerability-Lookup

RHSA-2026:2148

Vulnerability from csaf_redhat - Published: 2026-02-05 15:58 - Updated: 2026-02-06 17:14

Summary

Red Hat Security Advisory: Kiali 2.11.6 for Red Hat OpenShift Service Mesh 3.1

Notes

Topic

Kiali 2.11.6 for Red Hat OpenShift Service Mesh 3.1 This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Kiali 2.11.6, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fix(es): * kiali-ossmc-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284 ) * kiali-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284 ) * kiali-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729) * kiali-ossmc-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029) * kiali-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029) * kiali-ossmc-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465) * kiali-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Kiali 2.11.6 for Red Hat OpenShift Service Mesh 3.1\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Kiali 2.11.6, for Red Hat OpenShift Service Mesh 3.1, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284 )\n\n* kiali-rhel9: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284 )\n\n* kiali-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)\n\n* kiali-ossmc-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029)\n\n* kiali-rhel9: React Router vulnerable to XSS via Open Redirects (CVE-2026-22029)\n\n* kiali-ossmc-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)\n\n* kiali-rhel9: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:2148",
        "url": "https://access.redhat.com/errata/RHSA-2026:2148"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
        "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
        "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
        "url": "https://access.redhat.com/security/cve/CVE-2026-22029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-13465",
        "url": "https://access.redhat.com/security/cve/cve-2025-13465"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-15284",
        "url": "https://access.redhat.com/security/cve/cve-2025-15284"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2025-61729",
        "url": "https://access.redhat.com/security/cve/cve-2025-61729"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2026-22029",
        "url": "https://access.redhat.com/security/cve/cve-2026-22029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2148.json"
      }
    ],
    "title": "Red Hat Security Advisory: Kiali 2.11.6 for Red Hat OpenShift Service Mesh 3.1",
    "tracking": {
      "current_release_date": "2026-02-06T17:14:04+00:00",
      "generator": {
        "date": "2026-02-06T17:14:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.1"
        }
      },
      "id": "RHSA-2026:2148",
      "initial_release_date": "2026-02-05T15:58:24+00:00",
      "revision_history": [
        {
          "date": "2026-02-05T15:58:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-05T15:58:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-02-06T17:14:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 3.1",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 3.1",
                  "product_id": "Red Hat OpenShift Service Mesh 3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Ad6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770138727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ae5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140180"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Aae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770138727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140180"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3Aa60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770138727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3Ab6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140180"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel9@sha256%3A2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770138727"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-ossmc-rhel9@sha256%3A84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1770140180"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
          "product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-13465",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2026-01-21T20:01:28.774829+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431740"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: prototype pollution in _.unset and _.omit functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431740",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "release_date": "2026-01-21T19:05:28.846000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:24+00:00",
          "details": "See Kiali 2.11.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2148"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lodash: prototype pollution in _.unset and _.omit functions"
    },
    {
      "cve": "CVE-2025-15284",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-29T23:00:58.541337+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2425946"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "qs: qs: Denial of Service via improper input validation in array parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "RHBZ#2425946",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        }
      ],
      "release_date": "2025-12-29T22:56:45.240000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:24+00:00",
          "details": "See Kiali 2.11.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2148"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "qs: qs: Denial of Service via improper input validation in array parsing"
    },
    {
      "cve": "CVE-2025-61729",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2025-12-02T20:01:45.330964+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418462"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418462",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/725920",
          "url": "https://go.dev/cl/725920"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/76445",
          "url": "https://go.dev/issue/76445"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-4155",
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "release_date": "2025-12-02T18:54:10.166000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:24+00:00",
          "details": "See Kiali 2.11.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2148"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
    },
    {
      "cve": "CVE-2026-22029",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2026-01-10T04:01:03.694749+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2428412"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
          "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "RHBZ#2428412",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
        }
      ],
      "release_date": "2026-01-10T02:42:32.736000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-05T15:58:24+00:00",
          "details": "See Kiali 2.11.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1/html/observability/kiali-operator-provided-by-red-hat",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2148"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:84dfc3c35747d81138244b4aa9893f9f1d21775717a4014d328eb5701d832569_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:b6b13c0381b96b286fd04e777ae6801ad61e703b5484e9105b9fa0c5de587c29_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel9@sha256:e5a71ca768b96c827dd2fd860cbd739d7743f1eeb89b2e4c7cc9157941683626_amd64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598_s390x",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:a60d01bfe3bfa2dc484f9d940b71538f0b3732cb77db883edb7a93cf42f2992e_ppc64le",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:ae9d275647749b591a1ab2e4e805904b02bf8af4265793120b5eb1065759fc13_arm64",
            "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/kiali-rhel9@sha256:d6aaf4ab035e7dfb136fd85f82fb10852e657e8fdae2281613258009bb26250e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
    }
  ]
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

URL

Tags

	https://go.dev/cl/725920
	https://go.dev/issue/76445
	https://groups.google.com/g/golang-announce/c/8FJ…
	https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

	Vendor	Product	Version
	Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22029 (GCVE-0-2026-22029)

Vulnerability from cvelistv5 – Published: 2026-01-10 02:42 – Updated: 2026-01-13 04:55

Title

React Router vulnerable to XSS via Open Redirects

Summary

React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

URL

Tags

https://github.com/remix-run/react-router/securit…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	remix-run	react-router	Affected: @remix-run/router < 1.23.2 Affected: react-router >= 7.0.0, < 7.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-12T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T04:55:52.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "react-router",
          "vendor": "remix-run",
          "versions": [
            {
              "status": "affected",
              "version": "@remix-run/router \u003c 1.23.2"
            },
            {
              "status": "affected",
              "version": "react-router  \u003e= 7.0.0, \u003c 7.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-10T02:42:32.736Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
        }
      ],
      "source": {
        "advisory": "GHSA-2w69-qvjg-hvjx",
        "discovery": "UNKNOWN"
      },
      "title": "React Router vulnerable to XSS via Open Redirects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-22029",
    "datePublished": "2026-01-10T02:42:32.736Z",
    "dateReserved": "2026-01-05T22:30:38.718Z",
    "dateUpdated": "2026-01-13T04:55:52.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-13465 (GCVE-0-2025-13465)

Vulnerability from cvelistv5 – Published: 2026-01-21 19:05 – Updated: 2026-01-21 19:43

Title

Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Summary

Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched on 4.17.23

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

openjs

References

URL

Tags

https://github.com/lodash/lodash/security/advisor…

Impacted products

Vendor

Product

Version

Lodash

Affected: 4.0.0 , ≤ 4.17.22 (semver)

Lodash-amd	Lodash-amd	Affected: 4.0.0 , ≤ 4.17.22 (semver)
lodash-es	lodash-es	Affected: 4.0.0 , ≤ 4.17.22 (semver)
lodash.unset	lodash.unset	Affected: 4.0.0

Credits

Lukas Euler Jordan Harband Michał Lipiński Ulises Gascón

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13465",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T19:43:10.513400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-21T19:43:38.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "packageName": "lodash",
          "product": "Lodash",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "Lodash",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "Lodash-amd",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "Lodash-amd",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "lodash-es",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "lodash-es",
          "versions": [
            {
              "lessThanOrEqual": "4.17.22",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "https://github.com/lodash/lodash"
          ],
          "product": "lodash.unset",
          "repo": "https://github.com/lodash/lodash",
          "vendor": "lodash.unset",
          "versions": [
            {
              "status": "affected",
              "version": "4.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lukas Euler"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Jordan Harband"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Micha\u0142 Lipi\u0144ski"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ulises Gasc\u00f3n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eLodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the \u003ccode\u003e_.unset\u003c/code\u003e\u0026nbsp;and \u003ccode\u003e_.omit\u003c/code\u003e\u0026nbsp;functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\u003c/p\u003e\u003cp\u003eThe issue permits deletion of properties but does not allow overwriting their original behavior.\u003c/p\u003e\u003cp\u003eThis issue is patched on 4.17.23\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset\u00a0and _.omit\u00a0functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-77",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-77 Manipulating User-Controlled Variables"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-21T19:05:28.846Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "source": {
        "advisory": "GHSA-xxjr-mmjv-4gpg",
        "discovery": "EXTERNAL"
      },
      "title": "Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2025-13465",
    "datePublished": "2026-01-21T19:05:28.846Z",
    "dateReserved": "2025-11-20T02:16:12.128Z",
    "dateUpdated": "2026-01-21T19:43:38.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-15284 (GCVE-0-2025-15284)

Vulnerability from cvelistv5 – Published: 2025-12-29 22:56 – Updated: 2025-12-30 15:57

Title

arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Summary

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. SummaryThe arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable. DetailsThe arrayLimit option only checks limits for indexed notation (a[0]=1&a[1]=2) but completely bypasses it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoCTest 1 - Basic bypass: npm install qs const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Test 2 - DoS demonstration: const qs = require('qs'); const attack = 'a[]=' + Array(10000).fill('x').join('&a[]='); const result = qs.parse(attack, { arrayLimit: 100 }); console.log(result.a.length); // Output: 10000 (should be max 100) Configuration: * arrayLimit: 5 (test 1) or arrayLimit: 100 (test 2) * Use bracket notation: a[]=value (not indexed a[0]=value) ImpactDenial of Service via memory exhaustion. Affects applications using qs.parse() with user-controlled input and arrayLimit for protection. Attack scenario: * Attacker sends HTTP request: GET /api/search?filters[]=x&filters[]=x&...&filters[]=x (100,000+ times) * Application parses with qs.parse(query, { arrayLimit: 100 }) * qs ignores limit, parses all 100,000 elements into array * Server memory exhausted → application crashes or becomes unresponsive * Service unavailable for all users Real-world impact: * Single malicious request can crash server * No authentication required * Easy to automate and scale * Affects any endpoint parsing query strings with bracket notation

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

URL

Tags

	https://github.com/ljharb/qs/security/advisories/…	vendor-advisory
	https://github.com/ljharb/qs/commit/3086902ecf7f0…	patch

Impacted products

	Vendor	Product	Version
			Affected: < 6.14.1 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15284",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-30T14:55:26.031863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-30T15:57:41.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/qs",
          "defaultStatus": "affected",
          "modules": [
            "parse"
          ],
          "packageName": "qs",
          "repo": "https://github.com/ljharb/qs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.14.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.\u003cp\u003eThis issue affects qs: \u0026lt; 6.14.1.\u003c/p\u003e\u003ch3\u003e\u003cbr\u003eSummary\u003c/h3\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option in qs does not enforce limits for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e), allowing attackers to cause denial-of-service via memory exhaustion. Applications using \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;for DoS protection are vulnerable.\u003c/p\u003e\u003ch3\u003eDetails\u003c/h3\u003e\u003cp\u003eThe \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;option only checks limits for indexed notation (\u003ccode\u003ea[0]=1\u0026amp;a[1]=2\u003c/code\u003e) but completely bypasses it for bracket notation (\u003ccode\u003ea[]=1\u0026amp;a[]=2\u003c/code\u003e).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eVulnerable code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:159-162\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eif (root === \u0027[]\u0027 \u0026amp;\u0026amp; options.parseArrays) {\n    obj = utils.combine([], leaf);  // No arrayLimit check\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eWorking code\u003c/strong\u003e\u0026nbsp;(\u003ccode\u003elib/parse.js:175\u003c/code\u003e):\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003eelse if (index \u0026lt;= options.arrayLimit) {  // Limit checked here\n    obj = [];\n    obj[index] = leaf;\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThe bracket notation handler at line 159 uses \u003ccode\u003eutils.combine([], leaf)\u003c/code\u003e\u0026nbsp;without validating against \u003ccode\u003eoptions.arrayLimit\u003c/code\u003e, while indexed notation at line 175 checks \u003ccode\u003eindex \u0026lt;= options.arrayLimit\u003c/code\u003e\u0026nbsp;before creating arrays.\u003c/p\u003e\u003ch3\u003ePoC\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTest 1 - Basic bypass:\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003enpm install qs\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cpre\u003econst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026amp;a[]=2\u0026amp;a[]=3\u0026amp;a[]=4\u0026amp;a[]=5\u0026amp;a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length);  // Output: 6 (should be max 5)\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eTest 2 - DoS demonstration:\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003econst qs = require(\u0027qs\u0027);\nconst attack = \u0027a[]=\u0027 + Array(10000).fill(\u0027x\u0027).join(\u0027\u0026amp;a[]=\u0027);\nconst result = qs.parse(attack, { arrayLimit: 100 });\nconsole.log(result.a.length);  // Output: 10000 (should be max 100)\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eConfiguration:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ccode\u003earrayLimit: 5\u003c/code\u003e\u0026nbsp;(test 1) or \u003ccode\u003earrayLimit: 100\u003c/code\u003e\u0026nbsp;(test 2)\u003c/li\u003e\u003cli\u003eUse bracket notation: \u003ccode\u003ea[]=value\u003c/code\u003e\u0026nbsp;(not indexed \u003ccode\u003ea[0]=value\u003c/code\u003e)\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eImpact\u003c/h3\u003e\u003cp\u003eDenial of Service via memory exhaustion. Affects applications using \u003ccode\u003eqs.parse()\u003c/code\u003e\u0026nbsp;with user-controlled input and \u003ccode\u003earrayLimit\u003c/code\u003e\u0026nbsp;for protection.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAttack scenario:\u003c/strong\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003eAttacker sends HTTP request: \u003ccode\u003eGET /api/search?filters[]=x\u0026amp;filters[]=x\u0026amp;...\u0026amp;filters[]=x\u003c/code\u003e\u0026nbsp;(100,000+ times)\u003c/li\u003e\u003cli\u003eApplication parses with \u003ccode\u003eqs.parse(query, { arrayLimit: 100 })\u003c/code\u003e\u003c/li\u003e\u003cli\u003eqs ignores limit, parses all 100,000 elements into array\u003c/li\u003e\u003cli\u003eServer memory exhausted \u2192 application crashes or becomes unresponsive\u003c/li\u003e\u003cli\u003eService unavailable for all users\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cstrong\u003eReal-world impact:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eSingle malicious request can crash server\u003c/li\u003e\u003cli\u003eNo authentication required\u003c/li\u003e\u003cli\u003eEasy to automate and scale\u003c/li\u003e\u003cli\u003eAffects any endpoint parsing query strings with bracket notation\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: \u003c 6.14.1.\n\n\nSummaryThe arrayLimit\u00a0option in qs does not enforce limits for bracket notation (a[]=1\u0026a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit\u00a0for DoS protection are vulnerable.\n\nDetailsThe arrayLimit\u00a0option only checks limits for indexed notation (a[0]=1\u0026a[1]=2) but completely bypasses it for bracket notation (a[]=1\u0026a[]=2).\n\nVulnerable code\u00a0(lib/parse.js:159-162):\n\nif (root === \u0027[]\u0027 \u0026\u0026 options.parseArrays) {\n    obj = utils.combine([], leaf);  // No arrayLimit check\n}\n\n\n\n\n\nWorking code\u00a0(lib/parse.js:175):\n\nelse if (index \u003c= options.arrayLimit) {  // Limit checked here\n    obj = [];\n    obj[index] = leaf;\n}\n\n\n\n\n\nThe bracket notation handler at line 159 uses utils.combine([], leaf)\u00a0without validating against options.arrayLimit, while indexed notation at line 175 checks index \u003c= options.arrayLimit\u00a0before creating arrays.\n\nPoCTest 1 - Basic bypass:\n\nnpm install qs\n\n\n\n\n\nconst qs = require(\u0027qs\u0027);\nconst result = qs.parse(\u0027a[]=1\u0026a[]=2\u0026a[]=3\u0026a[]=4\u0026a[]=5\u0026a[]=6\u0027, { arrayLimit: 5 });\nconsole.log(result.a.length);  // Output: 6 (should be max 5)\n\n\n\n\n\nTest 2 - DoS demonstration:\n\nconst qs = require(\u0027qs\u0027);\nconst attack = \u0027a[]=\u0027 + Array(10000).fill(\u0027x\u0027).join(\u0027\u0026a[]=\u0027);\nconst result = qs.parse(attack, { arrayLimit: 100 });\nconsole.log(result.a.length);  // Output: 10000 (should be max 100)\n\n\n\n\n\nConfiguration:\n\n  *  arrayLimit: 5\u00a0(test 1) or arrayLimit: 100\u00a0(test 2)\n  *  Use bracket notation: a[]=value\u00a0(not indexed a[0]=value)\n\n\nImpactDenial of Service via memory exhaustion. Affects applications using qs.parse()\u00a0with user-controlled input and arrayLimit\u00a0for protection.\n\nAttack scenario:\n\n  *  Attacker sends HTTP request: GET /api/search?filters[]=x\u0026filters[]=x\u0026...\u0026filters[]=x\u00a0(100,000+ times)\n  *  Application parses with qs.parse(query, { arrayLimit: 100 })\n  *  qs ignores limit, parses all 100,000 elements into array\n  *  Server memory exhausted \u2192 application crashes or becomes unresponsive\n  *  Service unavailable for all users\nReal-world impact:\n\n  *  Single malicious request can crash server\n  *  No authentication required\n  *  Easy to automate and scale\n  *  Affects any endpoint parsing query strings with bracket notation"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-469",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-469 HTTP DoS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-29T22:56:45.240Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "arrayLimit bypass in bracket notation allows DoS via memory exhaustion",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-15284",
    "datePublished": "2025-12-29T22:56:45.240Z",
    "dateReserved": "2025-12-29T21:36:51.399Z",
    "dateUpdated": "2025-12-30T15:57:41.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:2148

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2026-22029 (GCVE-0-2026-22029)

CVE-2025-13465 (GCVE-0-2025-13465)

CVE-2025-15284 (GCVE-0-2025-15284)

Tags

Sightings

Nomenclature