RHSA-2026:2737
Vulnerability from csaf_redhat - Published: 2026-02-16 12:56 - Updated: 2026-02-18 12:42Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Notes
Topic
A new version of Red Hat build of Ceph Storage has been released
Details
The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.
This release updates to the latest version.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2737",
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2019-10790",
"url": "https://access.redhat.com/security/cve/CVE-2019-10790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-23358",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-34749",
"url": "https://access.redhat.com/security/cve/CVE-2022-34749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-31884",
"url": "https://access.redhat.com/security/cve/CVE-2024-31884"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-51744",
"url": "https://access.redhat.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-14104",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6176",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68429",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-7783",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2737.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-02-18T12:42:16+00:00",
"generator": {
"date": "2026-02-18T12:42:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2737",
"initial_release_date": "2026-02-16T12:56:05+00:00",
"revision_history": [
{
"date": "2026-02-16T12:56:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-16T12:56:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-18T12:42:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8",
"product": {
"name": "Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ab219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Af00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Abf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Ae856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Afe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3A2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Af31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Aedb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Aad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ac571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Aeca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630607"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631713"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632172"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ad287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770631941"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Aecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770630907"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Ad19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1770632233"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64 as a component of Red Hat Ceph Storage 8",
"product_id": "Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10790",
"discovery_date": "2025-08-20T22:37:38.151000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389970"
}
],
"notes": [
{
"category": "description",
"text": "taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "taffy: taffydb: Internal Property Tampering",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10790"
},
{
"category": "external",
"summary": "RHBZ#2389970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10790",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10790"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450",
"url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521",
"url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"
},
{
"category": "external",
"summary": "https://www.usenix.org/system/files/sec21-xiao.pdf",
"url": "https://www.usenix.org/system/files/sec21-xiao.pdf"
}
],
"release_date": "2020-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "taffy: taffydb: Internal Property Tampering"
},
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944286"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-underscore: Arbitrary code execution via the template function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "RHBZ#1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-underscore: Arbitrary code execution via the template function"
},
{
"cve": "CVE-2022-34749",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2022-07-29T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2112230"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) flaw was found in the asteris emphasis regular expression implementation in Mistune. By sending specially-crafted regex input, a remote attacker could invoke a catastrophic backtrack, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mistune: catastrophic backtracking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-34749"
},
{
"category": "external",
"summary": "RHBZ#2112230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-34749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34749"
},
{
"category": "external",
"summary": "https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2",
"url": "https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2"
}
],
"release_date": "2022-07-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mistune: catastrophic backtracking"
},
{
"acknowledgments": [
{
"names": [
"Martin Schobert"
]
}
],
"cve": "CVE-2024-31884",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-08-20T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389907"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pybind: Improper use of Pybind",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-31884"
},
{
"category": "external",
"summary": "RHBZ#2389907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-31884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-31884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31884"
}
],
"release_date": "2026-01-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pybind: Improper use of Pybind"
},
{
"cve": "CVE-2024-51744",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2024-11-04T22:01:08.655905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2323735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by `ParseWithClaims` return both error codes. If users only check for the `jwt.ErrTokenExpired ` using `error.Is`, they can miss the embedded `jwt.ErrTokenSignatureInvalid`, and thus, potentially accept invalid tokens.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-51744"
},
{
"category": "external",
"summary": "RHBZ#2323735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c",
"url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r"
}
],
"release_date": "2024-11-04T21:47:12.170000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n- In browser and non-secure, the code infinite loops on while (size--)\n- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] \u0026 63 -\u003e undefined \u0026 63 -\u003e 0\n- If the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nThe highest impact of this issue system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2025-6176",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-31T01:00:56.408048+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408762"
}
],
"notes": [
{
"category": "description",
"text": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in Scrapy\u0027s brotli decompression implementation allows remote attackers to trigger a denial of service by sending specially crafted brotli-compressed data. This can lead to excessive memory consumption and system instability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "RHBZ#2408762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0",
"url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"
}
],
"release_date": "2025-10-31T00:00:21.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS"
},
{
"cve": "CVE-2025-7783",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-07-18T17:00:43.396637+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2381959"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: Unsafe random function in form-data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result the impact of this CVE is limited on RedHat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "RHBZ#2381959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"release_date": "2025-07-18T16:34:44.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "form-data: Unsafe random function in form-data"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-14104",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-05T14:16:36.004000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419369"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-14104"
},
{
"category": "external",
"summary": "RHBZ#2419369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-14104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104"
}
],
"release_date": "2025-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-02-14T09:00:45.578144+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "RHBZ#2345695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://ensy.zip/posts/dompurify-323-bypass/",
"url": "https://ensy.zip/posts/dompurify-323-bypass/"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
"url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
},
{
"category": "external",
"summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
"url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
}
],
"release_date": "2025-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
},
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability marked as Moderate severity issues rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-68429",
"cwe": {
"id": "CWE-538",
"name": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
},
"discovery_date": "2025-12-17T23:03:29.948214+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423460"
}
],
"notes": [
{
"category": "description",
"text": "Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook\u2019s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle\u2019s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook\u2014on both their local machines and CI environment\u2014to version .6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environmental variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook\u2019s configuration to manually specify values. In either case, do not include sensitive secrets as they will be included in the built bundle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as it can lead to the unintended exposure of sensitive environment variables. This occurs when a Storybook project is built using the `storybook build` command in a directory containing a `.env` file, and the resulting bundle is subsequently published to a web-accessible location. Storybook instances built without `.env` files or run in development mode (`storybook dev`) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"known_not_affected": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "RHBZ#2423460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6",
"url": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6"
},
{
"category": "external",
"summary": "https://storybook.js.org/blog/security-advisory",
"url": "https://storybook.js.org/blog/security-advisory"
}
],
"release_date": "2025-12-17T22:26:55.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-16T12:56:05+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2737"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:1dc2620596822eb28fb997bc51ad2ecb352011e63f4c54fb650bc3e4c8009c4e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:25ba51881b0dbabd2911ec309a1aa881cfb8075605a6d50dac63751482a55d62_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:b219c4478e43d68d1a3f2bb9aa0ec16cd30d11587d48ab5952ac09b03771c396_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/grafana-rhel9@sha256:eca201d07c2a36e80e38d331ac5daf176ae85b6f36884bb6cb22df27dc14eb63_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:5eb26c2ee619ea24d5fa836b1d34e18fcaf83ce5202f9cb5e57adc4c1860cedb_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:72e2a67c8f707d8c4c0657b2d69e47e3d426db857e8270330fcff59f7145f362_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:ad1d4a09a47b2770be8feffed6cf0b8da2305b0472515ebbb08ebda65d608e79_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/keepalived-rhel9@sha256:f00d96629947fa7b290d75ed751bc3e6a514cee8545307f1685d05662b3257cb_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:2325f237ab329cb3f1d3db4da40ed19f68d6daa2a5902c71be3f0d3cfcadd503_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:bf39728adabe9f4c9b50eed0af81d3524ed655718a0e3f86fa1f77aa6ccdb4d2_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:c571ca5630d65b34f08776d61f6be269a5e819dd870a99530993adc50c19e43e_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:ecd314ed5a994812d976dbccf0d3c4db54fadf5c1cba46d1fa0b2f0a1fd0e921_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:60f49f5b8bf2a681ee8fc8b5cd1351f70c1fe9a0052b4ec4806f6f5e996c14ad_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:9ed8cbcf7d72efc99c619dbebb4f0dc548ac574d76f321efd5bc077ab35051c7_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:e856a58e6720d1fb05988d53f5b5868f10407551f8dfffd8b27e30d683b79920_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:edb5ff30f3984733c7c778e06a05fedf562790e9b2baf7f91f23b84e3db1228f_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:224d90fd4efbf139fa0a8f37705af8556c89128d9fe9911de8a421877e920746_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:91606367539bd6d36ad256a49a14f94eb534de2ad28e894d18288d97612fda7c_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:d287d7b9594acfc6c2a49e9734c4699a7f641a24c136af2a984ce91ea2c3bdb1_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:fe7eac5ba8577d0f36408c3f8be773c4e95ef57ded868a47cf80f669c51dca98_arm64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:064b805df36b0ce427e9aa04177bce9334b1f691f2d3f15e469b9b969ce34bd4_amd64",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:3a2e53f6ac97df7e08ea40464916bbb50edb2bbfd5623b1037a04a8cd7f80ee6_s390x",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:d19e8224bbbc5b8a5c4c4ce7e3f7406d93c7e8de87de638f20cd806bcb8049c0_ppc64le",
"Red Hat Ceph Storage 8:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:f31fe74f9dfb4a181358d4513573690c60fee2b3658472269239189374636a11_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…