RHSA-2026:28571
Vulnerability from csaf_redhat - Published: 2026-06-23 21:51 - Updated: 2026-06-24 16:34Summary
Red Hat Security Advisory: Red Hat Quay 3.9.23
Severity
Important
Notes
Topic: Red Hat Quay 3.9.23 is now available with bug fixes.
Details: Quay 3.9.23
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Threats
Impact
Important
A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
8.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Threats
Impact
Important
A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Threats
Impact
Important
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
Workaround
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le | — |
Vendor Fix
fix
|
Known not affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 | — |
Threats
Impact
Important
References
46 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.23 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.23",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:28571",
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-10143",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48526",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_28571.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.23",
"tracking": {
"current_release_date": "2026-06-24T16:34:48+00:00",
"generator": {
"date": "2026-06-24T16:34:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2026:28571",
"initial_release_date": "2026-06-23T21:51:13+00:00",
"revision_history": [
{
"date": "2026-06-23T21:51:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-23T21:51:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-24T16:34:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1781940738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781940084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1781942234"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1781938954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1781939557"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aa8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1781938913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1781942833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1781939020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781878070"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781940084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1781938954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1781938913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1781939020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Acf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781878070"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1781940084"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1781938954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Adda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1781620752"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1781938913"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1781939020"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1781878070"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-6322",
"cwe": {
"id": "CWE-140",
"name": "Improper Neutralization of Delimiters"
},
"discovery_date": "2026-05-05T11:01:00.332189+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6322"
},
{
"category": "external",
"summary": "RHBZ#2466684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
}
],
"release_date": "2026-05-05T10:29:16.378000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
},
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-10143",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-10T21:02:14.712750+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487722"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client\u0027s event loop to freeze. This prevents critical operations such as sending messages, polling for new messages, and maintaining heartbeats, ultimately leading to consumer group eviction and persistent connection failures.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-10143"
},
{
"category": "external",
"summary": "RHBZ#2487722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487722"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-10143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-10143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10143"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b",
"url": "https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3019",
"url": "https://github.com/dpkp/kafka-python/pull/3019"
},
{
"category": "external",
"summary": "https://github.com/dpkp/kafka-python/pull/3026",
"url": "https://github.com/dpkp/kafka-python/pull/3026"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py",
"url": "https://www.vulncheck.com/advisories/kafka-python-prior-to-dos-via-scram-iteration-count-in-scram-py"
}
],
"release_date": "2026-06-10T20:22:39.262000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka-python: kafka-python: Denial of Service via excessive SCRAM authentication iteration count"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-48526",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-28T16:01:22.805235+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482734"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PyJWT, a Python library for JSON Web Token (JWT) implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys (JWK) in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer\u0027s public key as the secret key for the HMAC algorithm, leading to the ability to forge JWTs. This vulnerability can result in authentication bypass or unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48526"
},
{
"category": "external",
"summary": "RHBZ#2482734",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482734"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
}
],
"release_date": "2026-05-28T15:09:09.258000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-23T21:51:13+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:28571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0ed9d3a90f5b0f2adaba21b49ef3c629d69fd3554f38d2a26525b2fdad3d4fe8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:36dc50c6b2b176b98b05f0dce802794190122bd18ec265c40d0f9f4245b57564_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:654ef27ab24735981a6f28b743b13868f55ca94fdbd289cbbf136d4629eba75d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:312b8a6031010e33f8df1c6e90ff63ee6ba5ec109d5c23acdfb1bb413e119a7d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:25826b91cdcae78706045327f672a0544f4b9658a9914771b0fdab6a981e8bf8_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:44f88dd294f886ab69112ba29be6c04231018ad0d0192356386c4aee16207a5c_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ab8f84e82313f91c17dc0b23b81a7c2aa1fc15a17e50c97e24f98936e99e67b2_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:68d268d572984190bdecf678eaba8275593549bb92b7ca518e5e6b1c820bcd75_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:391a8858036bed2cb05cf0c37d905a2f6c367f4705795cd83e181274f5aed41a_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:a8af9488daf49202bdcb7f6ecd113d65a4c73148cad818ce870c5bc0b9250bba_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:dda77e696c2272f8e172e04241e8d2cb3d3004c17759d36f5b3c520b6cd8850b_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:97f36276e98ba3d93763bfe7c921bca2f41ee4f7fbdbe6052aea28122f38259b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:3e637bf12fb1c68ffbe8d278b7e9377dddd91d9d597daa6451de20b9dafa9111_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4581e59d102f9bce89bb976b21d82551c1728b893106c6daa6bcbca222718340_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6fb549bf38e1972c8b7694bd38c132d4559309da05d46c9d3ca06dee08edb1bc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:4e6449a8207bc33afc86df358ce021253040d871610c1a8681f61991b74cf121_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:0e9272374dc0faf6b8e69561f06ab5fc455999f7716ca57e4e4c811f049cb2ca_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:4ba90ed26dc4d0cb7ec9dcf0ba6ed23e33c5e0ae239e8e0fc258099d251184e4_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:6272448836f183b0b2e01598a5dcccb0c74fc35c91936e9eb5f32017d2a66f2b_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:5b565745268aa52a83c9b145ef4abf1a6bb1f1aff7b08c64e461a5d959721a14_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:6f58133b6e8c814219f6ffbc25119adae1facf42108d62c8271055e507af5b00_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:cf6779d291c210b654b14bf86b229d4743fd5c66e04081b8f9796e4b6e0ea040_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…